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Text: 



Successful businesses take calculated risks to achieve objectives. 
Globalization, deregulation, Web-based services, complicated financial 
instruments and contracts, emerging markets — all contain tremendous 
potential advantages for companies and carry the danger of huge mistakes or 
unexpected developments. Businesses must measure these risks, try to 

minimize them and — if possible use them to their advantage. The CPA is 

the professional best suited to help them manage risk. CPAs — as internal or 
external advisers — have the skills and competencies required to help 
companies evaluate and address risk. 



This article describes a generic framework or set of steps for risk 
management — based on current best practices — that is applicable to any size 
or type of organization. The AICPA risk advisory services task force 
created the framework as a resource for CPAs advising clients or employers 
in an increasingly complex business environment . 
STEP BY STEP 

Although each business may have its own unique approach to risk 
management, current best practices suggest following these steps: 

* Establish the context; look carefully at an organization's 
strategy, stakeholders and environment. 

* Identify situations that can affect the business objectives. 

* Analyze and assess the risks. 

* Design strategies for managing risks. 

* Implement and integrate management processes. 

* Measure and monitor the business' efficiency, profitability and 
vulnerability . 

* Report the data to the executives who are in charge. 
ESTABLISH THE CONTEXT 

Risk management can succeed only when it works within the context of 
a company's environment, goals, objectives and strategies. Organizations 
may differ greatly in their risk tolerance and management styles. 
Deposit-taking institutions necessarily place a high value on solvency and 
the preservation of capital. Their investors and customers expect a good 
return with little risk. Companies that prospect for minerals or develop 
high-tech products focus on big rewards in exchange for big risks. Their 
investors typically understand this tradeoff and the significance of such 
an organization's appetite and capacity for risk. CPAs will want to examine 
a company's business environment and risk tolerance as a first step in risk 
advisory services. 

How do these ideas work in practice? The Medicines Co. (TMC) , a 
pharmaceutical developer in Cambridge, Massachusetts, has been able to 
minimize risk because it not only understands the market but also knows how 
to leverage its strengths. According to a report on TMC by Stan Davis and 
Christopher Meyer in Future Wealth, developing a drug can cost as much as 
$300 million, and the process entails several distinct stages — from 
creating the chemical or biological compound to winning approval from the 
Food and Drug Administration. Pharmaceutical companies take a risk that the 
huge investment will pay off in the hope of producing a billion-dollar 
seller such as Zantac or Viagra. 

TMC understands that drug development involves a sequence of very 
different risks. A product can fail for several reasons at any stage, but 
the rigors of the approval process can kill it late in the game. The later 
the failure, the more expensive it is. 

TMC recognized which risks it managed well — for example, the 
potential for failure during clinical trials. It had recognized it was weak 
in the beginning stages — basic research — and at the end of the 
process — marketing drugs to physicians. Accordingly, the company buys the 
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rights to proven chemical and biological compounds, develops them into 
drugs and then sells them to other pharmaceutical organizations to bring to 
market. Having successfully found its niche, TCM bears risk only in the 
areas where it is strongest . 

Once a company understands the risks of an undertaking, the owners 
or management can develop a strategy for containing them. This may involve 
formally structured policies and procedures or an informal process, 
depending on the business. Companies may bring in risk management 
consultants, such as CPAs, to help the business get to this stage. As part 
of the risk management process, company leaders might ask 

* What are our objectives? 

* What are our values? 

* Who is accountable? 

* Who has the authority? 

Questions like these can help establish the context for an 
organization's risk management efforts. 

IDENTIFY SITUATIONS WITH RISK IMPLICATIONS 

Managers need a systematic approach for uncovering and addressing 
risks that might affect a company's success. If a CPA is called on to 
consult on this aspect of risk management, he or she must develop a risk 
identification system that's rigorous, flexible and pertinent to the 
company under the microscope. 

What kinds of risks might a business typically discover? The 
Guinness Co., for example, defined seven types within its large but 
relatively straightforward businesses, United Distillers and Guinness 
Brewing Worldwide, according to Managing Business Risks: An Integrated 
Approach, from the economic intelligence unit at Arthur Andersen. The 
treasurer is responsible for managing them. They are 

* Brand equity risk, which could affect the company's brand name or 
reputation . 

* Customer satisfaction risk, which would reflect poor consumer 
reception to products. 

* Product quality risk, which would reflect quality control 

* Catastrophic risk, which would generally cover political, natural 
or other disasters. 

* Regulatory risk, which results from political changes affecting 
the industry. 

* Cultural risk, which could damage brand image or acceptance based 
on changes in the attitudes of consumers. 

* Trade war risk, which would result from price cutting or other 
competitive practices. 

ANALYZE AND ASSESS RISK 

Once a company knows its risks, it needs to rank them to establish 
priorities in order to make decisions. The sidebar, "A Cartography of 
Risk," page 70, shows how to map the impact of risk. 

Quantitative data play an important role in the process. Canadian 
Pacific is a diversified operating company involved in transportation, 
energy and hotels. Its bottom line is affected by external factors, such as 
fluctuations in the prices of crude oil, natural gas and coal, as well as 
movements in interest and foreign exchange rates. (See exhibit, page 68.) 
Based on its analyses, Canadian Pacific can use derivative financial 
instruments, such as foreign exchange contracts, interest rate swaps and 
futures contracts, to mitigate its risks. This is the kind of quantitative 
analysis that CPAs can use to help clients or employers assess threats and 
opportunities . 

DESIGN RESPONSE STRATEGIES 

Once companies know their risks, there are four basic responses that 
CPAs can help them consider: 

* Avoid. If the threat associated with an opportunity is too high 
relative to the potential reward, it may be appropriate to drop the idea. 
However, some executives — and entire company cultures — may unwittingly 
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encourage risk aversion, which can result in missed opportunities. CPAs can 
provide data to illuminate whether an option spells trouble or promises new 
benefits. 

* Transfer. Strategies that CPAs can recommend to shift risk to 
third parties include buying insurance; using financial instruments, such 
as derivatives; outsourcing some parts of the process; or creating 
partnerships or strategic alliances. Transferring risk can be a smart 
strategy — but part of the due diligence is ensuring that the organization 
accepting the risk can fulfill its obligations.. 

* Mitigate. To increase the chances of achieving objectives, CPAs 
can help employers or clients establish and monitor critical success 
factors and key performance indicators, which signal whether a strategy is 
working or failing. The committee of sponsoring organizations (COSO) of the 
Treadway Commission and criteria of control project of the Canadian 
Institute of Chartered Accountants models provide guidance on the design 
and assessment of control in achieving objectives. 

* Accept. Companies may be able to live with some risks. For 
example, a gold mining company facing fluctuating mineral prices may 
conclude the profit opportunities outweigh the risks. 

ACT International, a U.K. -based financial software maker, made 
specific operational choices to detect and mitigate risk, according to 
Managing Business Risks: An Integrated Approach. It had grown very quickly 
until business and profits plummeted in the early 1990s. A survey clearly 
showed the company had failed to recognize profound customer unhappiness 
with its products and support. The company solved the problem, in part, 
with a program to elicit ongoing customer feedback. 

Customer surveys can make sense for many types of businesses. ACT 
asks its customers to rate the following on a scale of 1 (very unsatisfied) 
to 5 (very satisfied) in a poll that takes between 15 and 30 minutes to 
complete : 

* Product satisfaction. 

* Account management and sales personnel. 

* Customer service center response quality. 

* Technical support timeliness. 

* Customization of installations. 

* Administration and communication. The response rate is greater 
than 80%. Staff members talk to clients who have given ratings be low 3 in 
any area to learn what they can do to remedy the problem. The focus on 
customer satisfaction has helped the company return to profitability by 
mitigating possible future dissatisfaction. 

IMPLEMENT AND INTEGRATE 

What should clients or employers do to make sure the right risk 
strategies are in place? 

* Establish specific risk management objectives and performance 

* Create a culture in which employees are accountable for managing 

risk. 

* Develop an infrastructure for risk management. 

* Communicate information about and training in risk management. 
TD Bank strives to be the best risk manager among major Canadian 

banks. Meeting this objective requires a well established infrastructure, 
so the bank created a separate division staffed by qualified risk 
management professionals. Acting independently from the bank's business 
units, the group established a policy framework and defined TD ' s risk 
limits. Senior TD executives approve the group's protocol for managing 
major financial risks and review it at least annually. In addition, the 
board of directors' audit and risk management committee approves all such 

Risk management has become sufficiently important to boards and 
audit committees that an October 1999 report of the National Association of 
Corporate Directors offered guidelines. It concluded that the chairperson 
of the audit committee should develop an agenda that includes "a periodic 
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review of risk by each significant business unit." In many organizations, 
communication and training include raising awareness about risk management, 
explaining the organization's approach, implementing a common risk language 
and developing oversight skills. 

MEASURE, MONITOR AND REPORT 

The enormous scope of risk makes it impossible to have a 
one-size-fits-all approach to measuring and monitoring it. To understand 
how well it is managing risk, a firm or company must ask questions about 
its specific business that are tailored to discern: 

* Are we achieving the results we planned? 

* Are we monitoring and learning from control breakdowns and losses? 

* What are we doing about the major risks that we have identified? 

* Do we have the necessary guidelines or policies and procedures? 

* Do they work — or will they? 

Chase Manhattan Bank, now part of J. P. Morgan Chase, evaluated 
ongoing effectiveness in achieving its strategic goals in three areas: 
being the service provider of choice, the employer of 

choice and the investment of choice, according to Managing Business 
Risks: An Integrated Approach. The evaluation 
assesses the company's progress or failure to meet 

its risk goals using the following format. The measurements are subjective, 
but it would be possible to assess each item on, say, a 1 to 10 scale. 
Objective: To be the services provider of choice, measure: 

* Quality of product . 

* Functionality of product. 

* Speed of execution. 

* Cost of delivery. 

* Customer satisfaction. 

Objective: To be the employer of choice, measure: 

* Turnover ratios. 

* Salary and benefit levels. 

* Opportunities for development. 

* Employee satisfaction. 

Objective: To be the investment of choice, measure: 

* Share price. 

* Return on assets. 

* Return on equity. 

* Earnings. 

Good performance management is an essential tool in risk management. 
The bank translates these measurements into an ongoing reporting 
system for management, selectively tracking and attending to the most 

OPPORTUNITIES FOR ALL 

Many accounting firms offer risk advisory services. "CPAs who serve 
middle-market and small companies are typically very close to the 
owner/manager and knowledgeable about many aspects of their clients' 
businesses and their goals, " says Susan Menelaides, CPA, of Altschuler, 
Melvoin and Glasser, LLP, in Chicago. "We already have a good understanding 
of client companies' business strategies, goals and motivations, which 
qualifies us to assist them. We can help them keep their focus on setting 
and achieving goals, identifying what can go wrong and — more 
positively — maximizing opportunities to succeed. We offer objectivity and 
knowledge of how similar businesses operate." 

Similarly, CPAs working in industry have firsthand insight into the 
challenges facing companies and the options available to them to mitigate 

The steps outlined in this article provide CPAs a framework for 
understanding and addressing elements of risk. They are from Managing Risk 
in the New Economy, an AICPA booklet prepared by the risk advisory task 
force. CPAs — whether in public practice, corporate finance or internal 
auditors — are qualified to manage risk for employers or clients. Accepting 
and managing risk are critical to the success of any organization. 
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Taking a Well-Hedged Risk Boosts Sales for One Company 
As a an enticement, Bombardier, a Canadian aerospace and snowmobile 
company, offered a $1,000 rebate to buyers of its Ski-Doo machines in 16 
U.S. cities if the local snowfall was less than half the average of that in 
the past three years. Ski-Doo sales in the 16 cities soared 38% over the 
year before. Bombardier hedged its bet with snowfall options it purchased 
from Enron. The company paid Enron between $45 and $400 for each snowmobile 
sold, and Enron agreed to reimburse Bombardier the full $1,000 for every 
rebate paid. 

Source: Managing Risk in the New Economy, AICPA, Quoting from Future 
Wealth, by Stan Davis and Christopher Meyer. 
EXECTUVE SUMMARY 

* SUCCESSFUL BUSINESSES TAKE CALCULATED RISKS to achieve objectives. 
Companies must measure these risks, try to minimize them and — if 
possible — use them to their advantage. The CPA — as internal or external 
adviser — is the professional best suited to help them manage risk. 

* CURRENT BEST PRACTICES follow these steps in the risk management 

* Establish the context. 

* Identify potential risks. 

* Analyze and assess. 

* Design strategies for managing risks. 

* Implement and integrate management processes. 

* Measure and monitor the business' efficiency, profitability and 
vulnerability . 

* Report the data to the executives in charge. 

* CPAs AT FIRMS AND COMPANIES of all sizes are knowledgeable about 
clients' or employers' businesses and goals. Managing Risk in the New 
Economy, an AICPA booklet prepared by the risk advisory task force, 
provides a framework for understanding and implementing proper risk 
management steps. It can be found at www.alcpa.org/assurance/index.htm. 

Risk Management Resources 
AICPA 

Managing Risk in the New Economy 

This booklet, published by the AICPA risk advisory services task 
force, is available free of charge by contacting the AICPA' s member 
innovation team at iroger@aicpa.org. It can also be obtained on the Web 
under Assurance Services at www.alcpa.org/assurance/index.htm. This link 
also contains information about these services: 

CPA Performance View 

This is a valuable resource for CPAs who want to assess an 
organization's ability to monitor risk. It contains a variety of products 
for delivering consistent business performance measurement consulting 
services to clients. 

SysTrust Principles and Criteria, Version 2.0, describes what is 
necessary to help manage some system risks and to ensure system 
availability, security, integrity and maintainability. 

WebTrust 

WebTrust Principles and Criteria, Version 3.0, details principles to 
ensure the reliability of a Web site in terms of privacy; transaction 
integrity; security; availability; nonrepudiation; and confidentiality. 
CPAs can rely on the principles and criteria underlying these risk advisory 
services in creating strategies for their own businesses, their employers 
or their clients. 

Other sources 

* American Management Association: www.amanet.org. 

* Financial Executives Institute: www.fei.org. 

* Institute of Internal Auditors: www.theila.org. 

* Institute of Management Accountants: www.lmanet.org. 

* National Association of Corporate Directors: www.nacdonline.org. 

* The Risk Management Association (formerly Robert Morris 
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Associates): www.rmahg.org. 

Canadian Pacific Data, Hedged and Unhedged 



This illustrates the estimated effect of changes, under certain condi- 
tions, in the foreign exchange value of the Canadian dollar, interest 
rates and the prices of crude oil, natural gas and coal on consolidat- 
ed 2000 earnings, based on the company's 1999 annual report: 



U.S. one-cent decrease in the 
value of the Canadian dollar 
One percentage point 
decrease in interest rates 
U.S. $1 per barrel increase in 
the price of West Texas 
Intermediate crude oil 
— Pan Canadian 
— Other businesses 
10-cent per thousand cubic feet 
increase in natural gas prices 
U.S. $1 per metric ton increase 
in coal prices 

A Cartography of Risk 

A simple but powerful way to display 
likelihood and consequences of an event is 1 
exercise can "map" by critical success facti 
objective or each of the categories used in 
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including 
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$9 



$29 
($14) 



$13 



the relationship between the 
o use a risk grid. This 
r, overall organization 
identifying risk. 



Imagine a company relies heavily on a supplier that has a long track 
record in its field and a solid financial history. If the supplier were to 
go out of business or temporarily cease operations, the consequences to the 
company would be high, but the likelihood of such an event is low. This 
risk thus would be plotted on the map as noted by the X below. Once a 
company has plotted its risks on this map, it would concentrate first on 
those in the upper right box — high consequences and high likelihood of 
occurrence — then work its way down and left to deal with less likely or 
consequential threats. The map offers a quick graphic illustration of risks 
facing the company and where they are clustered in terms of severity and 
chances of occurring. 

Risk mapping can be used for both aspects of risk: opportunities and 
threats. Organizations may also find it useful to prepare risk maps for 
different time horizons. 

Consequence Likelihood of < 



High X 
Moderate 

Low Moderate High 

(Remote) (Possible) (Probable) 

STEPHEN W. BOD INE , CPA, a principal with Larson, Allen, Weishair 
& Co., LLP, Minneapolis, is also a member of the risk task force. His 
e-mail address is sbodine@larsonalten.com. ANTHONY PUGLIESE, CPA, is AICPA 
vice-president — member innovation. His e-mail address is 

apugliese@aicpa.org. Mr. Pugliese is an employee of the American Institute 
of CPAs and his views, as expressed in this article, do not necessarily 
reflect the views of the AICPA. Official positions are determined through 
certain specific committee procedures, due process and deliberation. PAUL 
L. WALKER, CPA, PhD, an associate professor at the University of Virginia, 
is a member of the AICPA/CICA risk task force. His e-mail address is 
pw4g@f orbes2 . comm . Virginia . edu . 
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Business Editors 

LENEXA, Kan.— (BUSINESS WIRE) — Nov . 12, 2001 

LabOne, Inc. (Nasdaq : LABS ) today reported record revenues of $58.2 
million for its third quarter ended September 30, 2001, an increase of 
$14.6 million or 33% over the third quarter 2000. 

Revenues for the third quarter 2001 included $2.6 million 
contributed by the Osborn Group (Osborn) , acquired August 31, 2001. Risk 
assessment services revenues increased $13.3 million (51%), healthcare 
increased by $1.7 million (17%) and substance abuse testing declined by 
$0.4 million (5%) . 

The company reported a net loss of $3.5 million or $0.33 per share 
compared to net income of $0.4 million or $0.03 per share for the third 
quarter 2000. These results include a non-cash charge of $3.2 million 
associated with warrants issued in connection with the investment by Welsh, 
Carson, Anderson and Stowe (WCAS) and an additional $0.4 million in after 
tax charges associated with the acquisition of Osborn during the quarter. 
Excluding $0.7 million of charges associated with the Osborn acquisition, 
EBITDA for the quarter was $4.6 million compared to $4.6 million last year. 

"Since the completion of the Osborn acquisition, we have dedicated 
much of our operational resources to the integration with LabOne," said W. 
Thomas Grant II, chairman, president and CEO of LabOne. "Although our 
efforts to integrate Osborn are on schedule, it is too early to realize any 
synergies. The completion of these integration efforts is scheduled during 
the fourth quarter of this year. Once completed, we expect to realize up to 
$10 million in annual savings associated with the elimination of 
duplicative laboratory costs. 

"The tragic events of September 11 had a modest impact on our 
operating results for the quarter. Risk assessment services activity 
declined immediately following the tragedy, but has since increased 
considerably. The temporary transportation delays had an unfavorable 
impact, not only with the delivery of healthcare specimens, but also with 
the costs associated with inbound freight during this period. Although 
minimally impacted by the disruption of air service, substance abuse 
testing continues to be impacted by the weakening labor market as it 
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affects pre-employment screening." 

"The calculation of basic and diluted earnings per share is somewhat 
complicated by the complex financing structure with WCAS related to the 
Osborn acquisition," said John W. McCarty, executive vice president and 
CFO. "The pro-forma financial statements and related notes included in the 
8-K/A, to be filed this week with the Securities and Exchange commission, 
will provide additional information about the existing capital structure 
and the expected expense reductions associated with the Osborn 
acquisition . " 

LabOne will conduct its quarterly conference call with Mr. Grant, 
Mr. McCarty and Mike Asselta, executive vice president and COO, at 9 a.m. 
Eastern Time, November 12. To join the conference call, dial 1-8 0 0-55 6-38 31 
and enter the passcode 00975. Following the call, a recording of the call 
will be available as a voice mail at 1-80 0-7 3 6-810 6, and as a download file 
from the company's web site at www.LabOne.com. 

About LabOne, Inc. 

LabOne is a national laboratory testing and information 
service provider with three divisions: 
risk assessment services, healthcare and substance 
abuse testing. The risk assessment division, with its 

Intellisys, ExamOne and SBSI companies, provides laboratory testing, 
paramedical examinations, attending physician statements, motor vehicle 
reports, background inspections and personal history interviews to life and 
health insurance companies. LabOne ' s healthcare division provides 
diagnostic testing and related services to physicians and managed care 
organizations, and to benefit providers and employers through its unique 
Lab Card(R) benefit program. The company's substance abuse testing division 
provides drug testing to employers. LabOne ' s web site is located at 
www . LabOne . com . 



This press release contains "forward-looking statements, " including, 
but not limited to, projections and statements of revenues, EBITDA and 
earnings growth. Forward-looking statements often can be identified by the 
use of forward-looking terminology, such as "believes," "expects," "may," 
"will," "should," "could," "intends," "plans," "estimates," "anticipates," 
variations there of, or similar expressions. The Company's future results 
of operations, financial condition and business operations may differ 
materially from those expressed in these forward-looking statements. Many 
factors could cause actual results to differ materially from those that may 
be expressed or implied in such forward-looking statements, including, but 
not limited to, the volume and pricing of laboratory tests performed by 
LabOne, competition, the extent of market acceptance of the Company's 
healthcare and substance abuse testing and related services, changes in 
government regulations and attitude toward regulation of the Company's 
services, the ability of LabOne to successfully integrate the Osborn Group, 
general economic conditions and other factors detailed from time to time in 
the Company's reports and registration statements filed with the Securities 
and Exchange Commission. Investors are cautioned not to put undue reliance 
on any forward-looking statement. 



Forward-looking Statements 



SELECTED FINANCIAL DATA 



Quarter months 
ended 2001 



September 30, 
2000 



% Increase 
(Decrease) 



Sales 



58, 234, 380 
(3, 488, 909) 



43, 626, 533 
357, 527 



33% 
(1076%) 



Net earnings (loss) 
Basic and diluted e. 

(loss) per common 
Total assets 



(0.33) 



0 . 03 



Working capital 
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Sales 

Net earnings ( L 
Basic and dilut- 

(loss) per 
Total assets 
Working capital 



164, 294, 335 
(2, 487,889) 
(0.24) 

192, 050, 453 
26, 311, 879 



123, 368, 602 
1, 138, 765 
0.10 
124, 102, 559 
22, 986, 206 



33% 
(318%) 



Consolidated Balance Sheets 





$ 1, 






$ 1, 






Accounts receivable 3 ^rade 














net^of Allowance for ^ ^ 














doubtful accounts of 














$3,035,095 in 2001 and 














$4,406, 612 in 2000 


46, 


796, 


172 


33, 


916, 


445 


Income taxes receivable 




411, 


173 




065, 


750 




5, 


794, 


368 


3, 


276, 


794 


Prepaid expenses and other 




























Deferred income taxes 


2' 


35l' 


646 


2' 


7 4 0 ' 


824 


Total current asset- 


61 


736 


557 


47 


519 


937 


Pro ert lant and e ui ment 


104' 


5lV 


104 


89' 


1 4 i ' 


999 


Less r accumulated n de e reciation 
ess accumu a e eprecia ion 


57 ' 


115' 


208 


43' 


9 3 6 ' 


028 


Net property plant 














and equipment 


47, 


402, 


896 


45, 


308, 


971 


Other assets: 














I accumulated S amortization 
















82, 


674, 


974 


34, 


728, 


755 


Bond issue costs net of 














accumulated amortization of 














$53,859 in 2001 and $40,758 














in 2000 




138, 


287 




151, 


388 


Deposits and other assets 




97, 


739 




270, 


124 


Total assets 


$192, 


050, 


453 


$127, 


979, 


175 


LIABILITIES AND STOCKHOLDERS ' EQUITY 














Current liabilities: 














Accounts payable 


$ 22, 


273, 


961 


$ 14, 


516, 


703 


Accrued payroll and benefits 


7, 


713, 


364 


4, 


457, 


136 


Other accrued expenses 


3, 


034, 


302 


1, 


714, 


033 


Other current liabilities 




480, 


886 




279, 


228 


Notes payable 




50, 


000 




81, 


250 


Current portion of 














long-term debt 


1, 


872, 


165 


1, 


878, 


845 


Total current liabilities 


35, 


424, 


678 


22, 


927, 


195 


Corporate borrowings 


39, 


581, 


788 


38, 


677, 


349 


Other long term debt 


36, 


093, 


333 








Deferred income taxes -noncurrent 


1, 


881, 


000 


1, 


663, 


669 



Stockholders' equity: 
Preferred stock, $.01 par 
value per share; 3,000,000 
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shares authorized, Series 

B-l, 14,000 shares issued 14,000,000 
Common stock, $.01 par value 
per share; 40,000,000 shares 
authorized, 13,050,020 

shares issued 130,500 130,500 

Additional paid-in capital 34,583,642 31,609,884 

Equity adjustment from 

foreign currency 

translation (850,913) (832,280) 

Retained earnings 65,088,758 69,234,884 

112,951,987 100,142,988 

Less treasury stock of 
2,246,710 shares in 2001 and 

2,324,671 shares in 2000 33,882,333 35,432,026 

Total stockholders' equity 79,069,654 64,710,962 

Total liabilities and 
stockholders' equity $192,050,453 $127,979,175 

Consolidated Statements of Operations 

Quarter ended 
September 30, 
2001 2000 





$ 58 


,234, 380 


43, 


. 626, 


, 533 


Cost of sales 














Cost of sales expenses 


41 


,283, 


616 


29, 


. 086, 


, 601 


Depreciation expense 




756, 


400 




596, 


.269 


Total cost of sales 


42 


, 040, 


016 


29, 


. 682, 


.870 




16 


, 194, 


364 


13, 


. 943, 


. 663 


Selling, general and administrat ii 














Selling, general and 














administrative expenses 


13 


, 063, 


679 


9, 


953, 


.722 


Depreciation expense 


1 


,267, 


074 


1, 


093, 


.831 


Amortization expense 


4 


, 313, 


081 


1, 045, 


.001 


Total selling, general 














and administrative 


18. 


, 643, 


834 


12, 


092, 554 


Earnings (loss) from 
















(2,449, 


470) 


1, 


. 851, 


.109 


Interest expense 




(919, 


943) 




(673, 


.127) 


Interest income and other 




311, 


703 




18, 


. 340 


Earnings (loss) before 
















(3. 


,057, 


710) 


1, 


196, 


.322 


Income tax expense 




431, 


199 




838, 


.795 


Net earnings (loss) 


$ (3,488, 


909) 




357, 


.527 



Basic and diluted earnings 
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Nine months ended 
September 30, 
2001 2000 



Sales 
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Cost of sales expenses 
Depreciation expense 
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Basic and diluted earnings 
(loss) per common share 
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Text: 



Business Editors 

LENEXA, Kan. — (BUSINESS WIRE) — Nov. 2, 2001 

LabOne, Inc. (Nasdaq NMS : LABS ) announced today that it will report 
third-quarter financial results before the open of the market November 12, 
2001 . 

LabOne will conduct its quarterly conference call with W. Thomas 
Grant II, chairman, president and CEO, John W. McCarty, executive vice 
president and CFO, and Mike Asselta, executive vice president and COO, at 9 
a.m. Eastern Time, November 12. To join the conference call, dial 
800/556-3831 and enter the passcode 00975. Following the call, a recording 
of the call will be available as a voice mail at 80 0/73 6-810 6, and as a 
download file from the company's web site at www.LabOne.com. 

About LabOne, Inc. 

LabOne is a national laboratory testing and information 
service provider with three divisions: 
risk assessment services, healthcare and substance 
abuse testing. The risk assessment division, with its 
Intellisys, ExamOne and SBSI companies, provides laboratory testing, 
paramedical examinations, attending physician statements, motor vehicle 
reports, background inspections and personal history interviews to life and 
health insurance companies. LabOne ' s healthcare division provides 
diagnostic testing and related services to physicians and managed care 
organizations, and to benefit providers and employers through its unique 
Lab Card(R) benefit program. The company's substance abuse testing division 
provides drug testing to employers. LabOne ' s web site is located at 
www . LabOne . com . 

Forward-Looking Statements 

This press release may contain "forward-looking statements" as well 
as historical information. Forward-looking statements include projections, 
statements of plans and objectives, statements of future economic 
performance and statements of assumptions underlying such statements. 
Forward-looking statements involve known and unknown risks and 
uncertainties. Many factors could cause actual results to differ materially 
from those that may be expressed or implied in such forward-looking 
statements, including, but not limited to, the volume and pricing of 
laboratory tests performed by LabOne, competition, the extent of market 
acceptance of the Company's testing services in the healthcare and 
substance abuse testing industries, general economic conditions and other 
factors detailed from time to time in the Company's reports and 
registration statements filed with the Securities and Exchange Commission. 
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protection provided to all proprietary information, whatever medium it 
exists in, is consistent. 

9 

Text: 

SAFEGUARDING INFORMATION 

It's how you protect it. Protecting proprietary information in today's 
corporate climate requires an understanding of the risks. 

iN THE LAST DECADE, the evolution in corporate restructuring, the 
exponential growth in information technologies, and an increasing rush 
toward globalization have changed the ways in which proprietary information 
must be safeguarded. One of the most important changes is the increasing 
interconnectedness of systems. These interconnected systems within and 
among corporations pose new challenges for the security professional 
working to safeguard proprietary information. For instance, 10 years ago, 
the protection perimeter was very easy to define, because most sensitive 
information was on paper and could be secured in a desk, box, or container. 
With the digitization of data, knowing where sensitive information is at 
all times has become more difficult. But many of the old challenges remain 
as well. For example, protection efforts must be integrated among different 
managers with diverse agendas. And employees must be made aware of the role 
they play in information protection. The first step in information 
protection is to understand the nature of the risks (see sidebar) . 
Solutions can then be adapted according to the specific manifestations of 
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these risks at each business. 

The key to protecting proprietary information in this multifaceted 
environment is to ensure that the level of protection provided to all 
proprietary information, whatever medium it exists in, is consistent. For 
example, if a piece of information requires physical access controls, such 
as copy numbers or limited distribution, then that piece of information 
should have the equivalent IT system access controls placed on it in its 
electronic incarnation, and employees should be made aware of the need to 
handle that information with equal care in any form. 

ANALYSIS 

The first step in ensuring consistent protection for all critical 
information is to clearly identify what information is significant, who 
might want it, and the time frame over which its protection must be 
ensured. The second step is to develop adequate procedures. 

Identify assets. To identify what must be protected, a security manager 
needs to find out how critical each information asset is and where it is. 
This information should be coupled with a brief snapshot of a company's 
goals and objectives to clarify why and how the information is valuable. 

To gather this type of information, the security team will need to work 
with managers from all business units. For example, when the author 
undertook this process at Enron Energy Services Inc. (EES), he interviewed 
each managing director, asking six questions: What is critical to the 
product, where is the intellectual property, what gives the company its 
competitive advantage, what helps create value for customers, what is 
critical to revenue flow, and who has it? He then hired a consultant to 
conduct a competitive intelligence analysis. The purpose of that analysis 
was to learn what information was already publicly available, whether 
information was being released inappropriately, and whether the company 
still had to expend resources to protect information already released. 

Know the enemy. The company must also assess who might want to target the 
information. Understanding who may have a need for the information may help 
the company fine-tune its awareness training and protection procedures. For 
instance, potential employees might want to learn more about the company. 
If the company stock is publicly traded, financial analysts will want to 
keep their information current. And individuals with stock might engage in 
online discussions to find information about the future success of their 
holdings. Of course, proprietary information must be protected from all 
entities that do not have a business need to know. 

Set a time frame. Information, like many products, has a shelf life. Some 
information, such as a special manufacturing process, might be valuable for 
years. Other information, such as a product-launch marketing plan, may only 
need to remain confidential for a short time. By identifying exactly how 
long each information asset needs to be secured, the company can avoid 
wasting resources. The central facts to consider are the life of the 
information and how long it has value to the company and to outside 
organizations. Another factor is the corporate culture. 

The cost of protection for each piece of information must be balanced 
against the loss that would be incurred if the data were exposed early. For 
example, the thrust of a company's new marketing campaign will become 
apparent the first time it is publicly shown. At that point, related 
documents can be recategorized to a lower level of protection. However, if 
this information were to be discovered before the campaign were initiated, 
competitors might develop a counter-campaign or a similar product, causing 
the company to lose its competitive edge and possibly leading to a loss of 
market share. At EES, as in most companies, the quarterly financial figures 
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are considered to be very sensitive until they are released. Not only can 
they affect stock prices, but also federal regulations require that this 
information be protected. 

IMPLEMENTATION 

Although much has changed with the advent of computers, the safeguarding of 
proprietary information still relies on the successful implementation of 
traditional physical security efforts, coupled with electronic security, 
and good employee training. We will not go into the specifics of physical 
security here, but it may be useful to highlight a few less traditional 
aspects of physical protection before looking at electronic measures. 

Physical measures. Security professionals should consider how crime 
prevention through environmental design (CPTED) practices can be applied to 
information protection. The security team can consider where rooms that 
will house critical departments, such as finance, should be located or 
where the company should place meeting rooms in which strategic planning 
discussions will take place. By doing so, they can make it easier to create 
a safety zone for critical business activities or confidential discussions 
of issues such as mergers and acquisitions. And when conducting an analysis 
of existing proprietary protection procedures, security managers should ask 
whether nonemployees can gain access to the offices of these departments. 

When EES relocated its senior management, CPTED principles were 
incorporated into the design, with security working closely with the 
interior designers and business owners. The result was increased protection 
for proprietary information in addition to overall improvements in 
executive protection. For example, the mergers and acquisitions department 
was placed away from high-traffic areas and away from the main entryways. 
Also, the receptionist was positioned to have a clear view of the lobby 

Labeling. Another consideration is how to mark information so that 
employees know it requires a particular level of protection. Technology can 
play a role in this arena. At EES, the IT department created, at the 
author's request, templates for all relevant computer applications. For 
example, using a Microsoft Office template, an employee could select 
"Confidential" from a drop-down list when creating a new document. The 
classification labeling would already be included in the document. The 
templates make it easy for employees to label data, and they ensure 
consistent labeling throughout the company. 

Retention and destruction. Another aspect of physical protection is the 
retention and destruction process. Most companies have developed document 
retention schedules. They then outsource the tasks of storage and eventual 
destruction of information according to the schedule. A close review of 
these procedures and of the suppliers should be undertaken as a part of the 
information security analysis to ensure that all material containing 
proprietary information, whatever the medium, is appropriately destroyed. 

For instance, as mentioned previously, office paper often is not shredded 
before being sent through the recycling process. Security managers must 
conduct due diligence on contractors' activities to see that the paper is 
handled properly. Several companies that specialize in document destruction 
will certify that the material has been shredded before being sent to the 
recycling plant . Using one of these companies will significantly reduce the 
possibility that proprietary information will be released. 

Electronic measures. The greatest threats to proprietary information he in 
the electronic realm. The first step in evaluating this risk is to review 
how the proprietary information is generated within and used by the IT 
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systems . 

processed and stored and how it is transmitted. The review should involve 
the employees who work with the information because they understand its 
sensitivity best. The review should attempt to identify vulnerabilities in 
the IT systems that would permit entities without a business need-to-know 
to access the information. 

Backup and recovery. Backup and recovery procedures should be scrutinized. 
Some information might be so sensitive that it is excluded from these 
routine processes. If so, the company must ensure that an appropriate 
backup and recovery procedure is in place; otherwise, a failure might mean 
that vital data cannot be recovered. 

Audits. Standard business audits are another tool for examining IT 
vulnerabilities. At EES, information protection is a component of the 
company's annual external audit of its business units. Auditors look at how 
each unit identifies sensitive information and vulnerabilities and how it 
manages them. 

Security products. One problem is that few business standards in the IT 
arena exist. The "Common Criteria" (ISO yob, "Evaluation Criteria for 
Information Technology Security") provides requirements for evaluating 
security products and systems. A product will be evaluated by an 
independent lab to determine whether it meets a certain level of 
protection, based on factors such as security objectives and how the 
equipment will be used. Though most corporations do not have a need for 
formally evaluated products, some companies have sensitive information that 
warrants a particular level of protection. For instance, companies 
providing PKI seek strong protection for the computers holding digital 
certificates. However, for most companies, security is subordinate to 
return on investment; thus, cost-benefit figures govern whether these 
products are purchased. 

Collaboration. Though the IT department is typically responsible for the 
technical aspects of ensuring the confidentiality, integrity, and 
availability of information systems, security managers must work with their 
colleagues in IT to provide balanced policies and an understanding of what 
is proprietary and needs protection. By collaborating to develop 
comprehensive policies, the security and IT departments can work from a 
common set of guidelines. 

Two ways of accomplishing this collaboration are by combining physical and 
IT protection efforts into one department or by creating one entity 
accountable for ensuring that both departments' protection policies are 
consistent and woven together to present a unified effort. At EES, the two 
groups are separate, but the oversight of policies resides with the author, 
who works closely with the chief information officer and other business 
leaders to make sure the security processes put in place are consistent 
with EES's business needs. 

Such a collaborative effort presents a strong deterrent to individuals 
attempting to circumvent the protection process. It also maximizes the 
protection budget by identifying potential overlaps or mismatches between 
physical and IT protection. For example, the IT department might invest in 
robust servers to protect sensitive information that meets the Common 
Criteria standards, yet the physical security at the data center may not be 
adequate. Conversely, the data center may be protected like Fort Knox, but 
the passwords for the servers may be weak. 

Employee issues. The final procedural step to be addressed concerns 
employee policies and training. At EES, this portion of the protection 
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process begins before an employee is hired. The offer package includes a 
copy of the company's conduct of ethics booklet, which addresses 
proprietary information; a certificate of compliance for the applicant to 
read and sign; and an offer letter stating that the offer is contingent on 
the applicant signing the compliance certificate. These efforts are in 
addition to standard preemployment background checks. After the applicant 
is hired, the employee orientation session reinforces the importance EES 
places on the protection of intellectual property. 

During employment, employees receive regular refresher training, and at 
their annual performance review, they restate their understanding and 
compliance with the conduct of ethics by signing a statement printed on the 
review form. Additional information is provided during leadership and 
management training and at various educational events over the year. These 
refresher events, though they reguire considerable effort by the company, 
are critical to the success of a protection program. 

EAPs. Awareness training is one way to ensure that employees fulfill that 
role. But whether employees reveal or protect intellectual property often 
comes down to their loyalty to the company and how they believe their 
employer has treated them. Employees who feel disenfranchised, for whatever 
reason, are more likely to reveal proprietary information or to be easy 
marks for competitive intelligence professionals seeking to exploit human 
weaknesses to access sensitive information. 

For this reason, information protection professionals should encourage 
employees to use the company's employee assistance program (EAP) . The 
program offers counseling in drug and alcohol abuse, financial 
responsibility, and interpersonal relationships. A viable EAP program lets 
employees know the company cares about them, which might be a deciding 
factor when an employee has to choose between protecting the company's 
intellectual property and revealing information. It is another tool a 
company can use to help safeguard proprietary information. 

If companies do not have an EAP, other options include working with the 
human resources department, for instance, to review the medical benefits 
program and determine whether drug and alcohol counseling is covered. Also, 
some companies conduct in-house financial programs to teach employees about 
basic checking accounts, budgeting, loans, credit cards, and so forth. 
These programs help employees avoid personal problems and, therefore, make 
them less susceptible to competitive intelligence practitioners' 
technigues . 

Rewards. In addition to having good procedures, companies must reward the 
people who assist their proprietary information protection program: The 
entire company must buy in to the security process. At the very least, each 
incident reported should be acknowledged with a quick e-mail or telephone 
call thanking the person for his or her participation in the protection 
program. The company may also want to have some formal corporate 
recognition program tied to information protection efforts. 

In addition, most corporations track various statistics that can be 
developed and used so that employees are constantly reminded of protection 
efforts. For instance, the author tracks the use of shred bins at EES, 
reporting monthly on how many were emptied and the cost. The objective is 
to show employees the increased acceptance of this destruction method and 
the volume of information now being appropriately destroyed. 

Often, greater time must be spent in protecting proprietary information 
during the termination process than the hiring process. At EES, employees 
leaving the company are provided further guidance regarding their 
obligations to protect intellectual property. 
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Security professionals must continue to develop new ways of protecting 
proprietary information. Challenges on the horizon-including advances in 
telecommunications, the impact of greater use of the Internet in 
businesses, and an increasingly mobile workforce-require that companies 
continually adapt their information protection strategies to ensure that 
there isn't a shadow of a doubt about who knows the company's secrets. 

NATURE OF THE RISK 

RISKS TO PROPRIETARY INFORMATION fall generally into four major categories: 
verbal, visual, physical, and electronic. 

Verbal. One of the greatest risks to proprietary information is that 
employees will openly discuss 

it through conversations they consider private without realizing that they 
are in public forums where others can overhear them. For example, the 
author heard from another se 

curity practitioner about an incident in which employees were celebrating 
too loudly on an airplane about their new marketing campaign and how it was 
going to drive their competitor out of the market. They then watched in 
horror as the competitor's security director, who was on the same flight, 
picked up the phone on board and called his CEO to outline their new plan. 

Competitive intelligence professionals often take advantage of the naivete 
of employees and their willingness to talk in public places with each other 
or to talk business with newfound "friends." For example, professionals 
charged with collecting intelligence about competitors have been known to 
purposely join the same gym as one of their competitors' executives in an 
attempt to elicit information. 

Lunchtime at local restaurants provides another great opportunity to learn 
what's happening at a company; intelligence practitioners can go to known 
hangouts and listen to the conversations around them. And employees are 
also often subject to elicitation calls; individuals trained in "human 
engineering" know just what to say to get untrained staff to reveal 
proprietary information on the phone. 

Visual. Visual risks to proprietary information are also numerous. For 
example, critical information is often left on office whiteboards after 
planning sessions or marketing presentations without any thought as to who 
might walk into the room next and see those notes. The author knows of one 
company that had a strategy meeting the day before closing a 

multimillion-dollar deal. The meeting lasted into the night, and the board 
was covered with pricing information, 

negotiation hard points, financial risk, and other critical data needed to 

close the deal. When the potential customer's representatives arrived early 
for the meeting the next morning, an assistant walked them into that 
particular conference room and left them alone for 30 minutes. When the 
team came in to conduct the negotiations, the deal had already been lost. 

Visual risks to information take some creative forms, because competitive 
intelligence professionals aggressively seek out opportunities to retrieve 
information through visual means. In one case, two senior executives from 
competing companies had been holding secret discussions on a possible 
merger. A third competitor had heard rumors and learned that a decision was 
going to be made when the two executives met for dinner. The third company 
learned the location of the restaurant, evaluated the possible courses of 
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action, and hired two lip readers to "listen in" on the conversation by 
watching and recording what was said. 

Many other forms of creative observation could be categorized as visual 
risks. For example, corporate intelligence practitioners trying to 
determine what a competitor is doing 

might count railcars or even measure the compression of the rust on the 
rails to determine how full the cars are. 

Physical. Physical risks to proprietary information take several forms. The 
simplest is that lax visitor controls can lead to unauthorized persons 
walking through facilities without an escort, making it easy for anyone to 
look for security weaknesses or gather intelligence and then walk out 
unobserved. Other physical risks may involve attempts to defeat access 
controls or steal laptops. More sophisticated intelligence gathering 
efforts may also be used, such as when visitors to pharmaceutical companies 
apply a sticky substance to their shoes so that they can pick up dust and 
analyze it to determine its chemical composition. 

Physical risks can also arise from the careless disposal of materials. 
Early drafts of sensitive memos might be tossed into recycling bins, and 
trash companies may not securely transport the material or shred it before 
turning it over to the recycler. 

Electronic. While verbal, visual, and physical risks to information date 
back to the beginning of knowledge itself, the computer age has brought 
with it the greatest new risk to a company's proprietary data. It is that 
today's proprietary information increasingly resides as electronic bits and 
bytes within the company's networked computer system. 

The electronic environment is full of exposures. In simple terms, if a 
company's computer network is connected to the outside world, as most now 
are, that system can be hacked into from anywhere in the world. 

While no perfect safeguards exist, the most common problem is that 
companies do not properly configure their systems 

to close known loopholes and monitor for signs of unauthorized entry. 
Hackers constantly scan networks worldwide looking for misconf igured 
systems they can exploit. Almost anyone can use sophisticated programming 
tools to analyze a system for vulnerabilities. These attacks are delivered 
using back doors, trusted links, the Internet, and insiders. 

Electronic means can often be used to circumvent a company's physical 
protections. For instance, the increased use of computers in telephony 
raises the guestion of whether a company's telephone switch is 
electronically isolated from the information network. Other concerns 
include what is posted on the company's Web page and whether employees are 
educated on the use of online chat rooms, stock message boards, and so on, 
both at work and at home. 

Imagine that an employee gets involved in " cheerleading" company stock 
online and in doing so reveals future plans that are not publicly 
available. In addition to the loss of proprietary information, there may be 
Securities and Exchange Commission violations to contend with. 

Security managers should also be concerned about who is connecting to the 
company's networks, including the corporate intranet. With the 
growing use of consultants and service providers who 

need access to the intranet as part of their jobs, proprietary information 
is at higher risk. 

Management should determine whether different business units 
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meet a common minimum standard for security or whether one can be exploited 
against another. In a multidivision, decentralized company, 
weaknesses in one division's IT infrastructure might be exploited to 
penetrate another's computers. 

BY PETE VAN DE GOHM, CPP 

Pete van de Gohm, CPP, is director of information asset protection for 
Enron Energy Services Inc. He is a member of ASIS. 

THIS IS THE FULL-TEXT. 

Copyright American Society for Industrial Security Sep 2001 



Geographic Names: United States; US 

Descriptors: Proprietary; Intellectual property; Security management; Information technology; 
Globalization 

Classification Codes: 5140 (CN=Security); 5220 (CN=Information technology management); 9190 
(CN=United States) 
Print Media ID: 19213 



3/9/30 (Item 30 from file: 148) 

13870940 ? ? Supplier Number: 78576325 (THIS IS THE FULL TEXT ) 
It's Not What You Know.(information security) 

GOHM, PETE VAN DE 

Security Management , 45 , 9 , 93 

Sept , 2001 

ISSN: 0145-9406 

Language: English 

Record Type: Fulltext 

Word Count: 3732 ? ?Line Count: 00314 

Text: 

It's how you protect it. Protecting proprietary information in today's 
corporate climate requires an understanding of the risks. 



IN THE LAST DECADE, the evolution in corporate restructuring, the 
exponential growth in information technologies, and an increasing rush 
toward globalization have changed the ways in which proprietary information 
must be safeguarded. One of the most important changes is the increasing 
interconnectedness of systems. These interconnected systems within and 
among corporations pose new challenges for the security professional 
working to safeguard proprietary information. For instance, 10 years ago, 
the protection perimeter was very easy to define, because most sensitive 
information was on paper and could be secured in a desk, box, or container. 
With the digitization of data, knowing where sensitive information is at 
all times has become more difficult. But many of the old challenges remain 
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as well. For example, protection efforts must be integrated among different 
managers with diverse agendas. And employees must be made aware of the role 
they play in information protection. The first step in information protect 
ion is to understand the nature of the risks (see sidebar) . Solutions can 
then be adapted according to the specific manifestations of these risks at 
each business. 

The key to protecting proprietary information in this multifaceted 
environment is to ensure that the level of protection provided to all 
proprietary information, whatever medium it exists in, is consistent. For 
example, if a piece of information reguires physical access controls, such 
as copy numbers or limited distribution, then that piece of information 
should have the eguivalent IT system access controls placed on it in its 
electronic incarnation, and employees should he made aware of the need to 
handle that information with equal care in any form. 

ANALYSIS 

The first step in ensuring consistent protection for all critical 
information is to clearly identify what information is significant, who 
might want it, and the time frame over which its protection must be 
ensured, The second step is to develop adequate procedures. 

Identify assets. To identify what must be protected, a security 
manager needs to find out how critical each information asset is and where 
it is. This information should be coupled with a brief snapshot of a 
company's goals and objectives to clarify why and how the information is 
valuable . 

To gather this type of information, the security team will need to 
work with managers from all business units. For example, when the author 
undertook this process at Enron Energy Services Inc. (EES), he interviewed 
each managing director, asking six questions: What is critical to the 
product, where is the intellectual property, what gives the company its 
competitive advantage, what helps create value for customers, what is 
critical to revenue flow, and who has it? He then hired a consultant to 
conduct a competitive intelligence analysis. The purpose of that analysis 
was to learn what information was already publicly available, whether 
information was being released inappropriately, and whether the company 
still had to expend resources to protect information already released. 

Know the enemy. The company must also assess who might want to 
target the information. Understanding who may have a need for the 
information may help the company fine-tune its awareness training and 
protection procedures. For instance, potential employees might want to 
learn more about the company. If the company stock is publicly traded, 
financial analysts will want to keep their information current. And 
individuals with stock might engage in online discussions to find 
information about the future success of their holdings. Of course, 
proprietary information must be protected from all entities that do not 
have a business need to know. 

Set a time frame. Information, like many products, has a shelf life. 
Some information, such as a special manufacturing process, might he 
valuable for years. Other information, such as a product-launch marketing 
plan, may only need to remain confidential for a short time. By identifying 
exactly how long each information asset needs to be secured, the company 
can avoid wasting resources. The central facts to consider are the life of 
the information and how long it has value to the company and to outside 
organizations. Another factor is the corporate culture. 

The cost of protection for each piece of information must be 
balanced against the loss that would be incurred if the data were exposed 
early. For example, the thrust of a company's new marketing campaign will 
become apparent the first time it is publicly shown. At that point, related 
documents can be recategorized to a lower level of protection. However, if 
this information were to be discovered before the campaign were initiated, 
competitors might develop a counter-campaign or a similar product, causing 
the company to lose its competitive edge and possibly leading to a loss of 
market share. At EES, as in most companies, the quarterly financial figures 
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are considered to be very sensitive until they are released. Not only can 
they affect stock prices, but also federal regulations require that this 
information be protected. 
IMPLEMENTATION 

Although much has changed with the advent of computers, the 
safeguarding of proprietary information still relies on the successful 
implementation of traditional physical security efforts, coupled with 
electronic security, and good employee training. We will not go into the 
specifics of physical security here, but it may be useful to highlight a 
few less traditional aspects of physical protection before looking at 
electronic measures. 

Physical measures. Security professionals should consider how crime 
prevention through environmental design (CPTED) practices can be applied to 
information protection. The security team can consider where rooms that 
will house critical departments, such as finance, should be located or 
where the company should place meeting rooms in which strategic planning 
discussions will take place. By doing so, they can make it easier to create 
a safety zone for critical business activities or confidential discussions 
of issues such as mergers and acquisitions. And when conducting an analysis 
of existing proprietary protection procedures, security managers should ask 
whether nonemployees can gain access to the offices of these departments. 

When EES relocated its senior management, CPTED principles were 
incorporated into the design, with security working closely with the 
interior designers and business owners. The result was increased protection 
for proprietary information in addition to overall improvements in 
executive protection. For example, the mergers and acquisitions department 
was placed away from high-traffic areas and away from the main entryways. 
Also, the receptionist was positioned to have a clear view of the lobby 

Labeling. Another consideration is how to mark information so that 
employees know it requires a particular level of protection. Technology can 
play a role in this arena. At EES, the IT department created, at the 
author's request, templates for all relevant computer applications. For 
example, using a Microsoft Office template, an employee could select 
"Confidential" from a drop-down list when creating a new document. The 
classification labeling would already be included in the document. The 
templates make it easy for employees to label data, and they ensure 
consistent labeling throughout the company. 

Retention and destruction. Another aspect of physical protection is 
the retention and destruction process. Most companies have developed 
document retention schedules. They then outsource the tasks of storage and 
eventual destruction of information according to the schedule. A close 
review of these procedures and of the suppliers should be undertaken as a 
part of the information security analysis to ensure that all material 
containing proprietary information, whatever the medium, is appropriately 
destroyed . 

For instance, as mentioned previously, office paper often is not 
shredded before being sent through the recycling process. Security managers 
must conduct due diligence on contractors activities to see that the paper 
is handled properly. Several companies that specialize in document 
destruction will certify that the material has been shredded before being 
sent to the recycling plant. Using one of these companies will 
significantly reduce the possibility that proprietary information will be 
released. 

Electronic measures. The greatest threats to proprietary information 
lie in the electronic realm. The first step in evaluating this risk is to 
review how the proprietary information is generated within and used by the 
IT systems. 

The key point is to review where the most sensitive information is 
processed and stored and how it is transmitted. The review should involve 
the employees who work with the information because they understand its 
sensitivity best. The review should attempt to identify vulnerabilities in 
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the IT systems that would permit entities without a business need-to-know 
to access the information. 

Backup and recovery. Backup and recovery procedures should be 
scrutinized. Some information might be so sensitive that it is excluded 
from these routine processes. If so, the company must ensure that an 
appropriate backup and recovery procedure is in place; otherwise, a failure 
might mean that vital data cannot be recovered. 

Audits. Standard business audits are another tool for examining IT 
vulnerabilities. At EES, information protection is a component of the 
company's annual external audit of its business units. Auditors look at how 
each unit identifies sensitive information and vulnerabilities and how it 
manages them. 

Security products. One problem is that few business standards in the 
IT arena exist. The "Common Criteria" (ISO 15408, "Evaluation Criteria for 
Information Technology Security") provides requirements for evaluating 
security products and systems. A product will be evaluated by an 
independent lab to determine whether it meets a certain level of 
protection, based on factors such as security objectives and how the 
equipment will be used. Though most corporations do not have a need for 
formally evaluated products, some companies have sensitive information that 
warrants a particular level of protection. For instance, companies 
providing PKI seek strong protection for the computers holding digital 
certificates. However, for most companies, security is subordinate to 
return on investment; thus, cost-benefit figures govern whether these 
products are purchased. 

Collaboration. Though the IT department is typically responsible for 
the technical aspects of ensuring the confidentiality, integrity, and 
availability of information systems, security managers must work with their 
colleagues in IT to provide balanced policies and an understanding of what 
is proprietary and needs protection. By collaborating to develop 
comprehensive policies, the security and IT departments can work from a 
common set of guidelines. 

Two ways of accomplishing this collaboration are by combining 
physical and IT protection efforts into one department or by creating one 
entity accountable for ensuring that both departments' protection policies 
are consistent and woven together to present a unified effort. At EES, the 
two groups are separate, but the oversight of policies resides with the 
author, who works dosely with the chief information officer and other 
business leaders to make sure the security processes put in place are 
consistent with EES ' s business needs. 

Such a collaborative effort presents a strong deterrent to 
individuals attempting to circumvent the protection process. It also 
maximizes the protection budget by identifying potential overlaps or 
mismatches between physical and IT protection. For example, the IT 
department might invest in robust servers to protect sensitive information 
that meets the Common Criteria standards, yet the physical security at the 
data center may not be adequate. Conversely, the data center may be 
protected like Fort Knox, but the passwords for the servers may be weak. 

Employee issues. The final procedural step to be addressed concerns 
employee policies and training. At EES, this portion of the protection 
process begins before an employee is hired. The offer package includes a 
copy of the company's conduct of ethics booklet, which addresses 

read and sign; and an offer letter stating that the offer is contingent on 
the applicant signing the compliance certificate. These efforts are in 
addition to standard preemployment background checks. After the applicant 
is hired, the employee orientation session reinforces the importance EES 
places on the protection of intellectual property. 

During employment, employees receive regular refresher training, and 
at their annual performance review, they restate their understanding and 
compliance with the conduct of ethics by signing a statement printed on the 
review form. Additional information is provided during leadership and 
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management training and at various educational events over the year. These 
refresher events, though they require considerable effort by the company, 
are critical to the success of a protection program. 

EAPs . Awareness training is one way to ensure that employees fulfill 
that role. But whether employees reveal or protect intellectual property 
often comes down to their loyalty to the company and how they believe their 
employer has treated them. Employees who feel disenfranchised, for whatever 
reason, are more likely to reveal proprietary information or to be easy 
marks for competitive intelligence professionals seeking to exploit human 
weaknesses to access sensitive information. 

For this reason, information protection professionals should 
encourage employees to use the company's employee assistance program (EAP) . 
The program offers counseling in drug and alcohol abuse, financial 
responsibility, and interpersonal relationships. A viable EAP program lets 
employees know the company cares about them, which might be a deciding 
factor when an employee has to choose between protecting the company's 
intellectual property and revealing information. It is another tool a 
company can use to help safeguard proprietary information. 

If companies do not have an EAP, other options include working with 
the human resources department, for instance, to review the medical 
benefits program and determine whether drug and alcohol counseling is 
covered. Also, some companies conduct in-house financial programs to teach 
employees about basic checking accounts, budgeting, loans, credit cards, 
and so forth. 

These programs help employees avoid personal problems and, 
therefore, make them less susceptible to competitive intelligence 
practitioners' techniques. 

Rewards. In addition to having good procedures, companies must 
reward the people who assist their proprietary information protection 
program: The entire company must buy in to the security process. At the 
very least, each incident reported should be acknowledged with a quick 
e-mail or telephone call thanking the person for his or her participation 
in the protection program. The company may also want to have some formal 
corporate recognition program tied to information protection efforts. 

In addition, most corporations track various statistics that can be 
developed and used so that employees are constantly reminded of protection 
efforts. For instance, the author tracks the use of shred bins at EES, 
reporting monthly on how many were emptied and the cost. The objective is 
to show employees the increased acceptance of this destruction method and 
the volume of information now being appropriately destroyed. 

Often, greater time must be spent in protecting proprietary 
information during the termination process than the hiring process. At EES, 
employees leaving the company are provided further guidance regarding their 
obligations to protect intellectual property. 

Security professionals must continue to develop new ways of 
protecting proprietary information. Challenges on the horizon — including 
advances in telecommunications, the impact of greater use of the Internet 
in businesses, and an increasingly mobile workforce — require that companies 
continually adapt their information protection strategies to ensure that 
there isn't a shadow of a doubt about who knows the company's secrets. 

Pete van de Gohm, CPP, is directer of information asset protection 
for Enron Energy Services Inc. He is a member of ASIS . 

NATURE OF THE RISK 

RISKS TO PROPRIETARY INFORMATION fall generally into four major 
categories: verbal, visual, physical, and electronic. 

Verbal. One of the greatest risks to proprietary information is that 
employees will openly discuss it through conversations they consider 
private without realizing that they are in public forums where others can 
overhear them. For example, the author heard from another security 
practitioner about an incident in which employees were celebrating too 
loudly on an airplane about their new marketing campaign and how it was 
going to drive their competitor out of the market. They then watched in 
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horror as the competitor's security director, who was on the same flight, 
picked up the phone on board and called his CEO to outline their new plan. 

Competitive intelligence professionals often take advantage of the 
naivete of employees and their willingness to talk in public places with 
each other or to talk business with newfound "friends." For example, 
professionals charged with collecting intelligence about competitors have 
been known to purposely join the same gym as one of their competitors' 
executives in an attempt to elicit information. 

Lunchtime at local restaurants provides another great opportunity to 
learn what's happening at a company; intelligence practitioners can go to 
known hangouts and listen to the conversations around them. And employees 
are also often subject to elicitation calls; individuals trained in "human 
engineering" know just what to say to get untrained staff to reveal 
proprietary information on the phone. 

Visual. Visual risks to proprietary information are also numerous 
For example, critical information is often left on office whiteboards after 
planning sessions or marketing presentations without any thought as to who 
might walk into the room next and see those notes. The author knows of one 
company that had a strategy meeting the day before closing a 

multimillion-dollar deal. The meeting lasted into the night, and the board 
was covered with pricing information, negotiation hard points, financial 
risk, and other critical data needed to close the deal. When the potential 
customer's representatives arrived early for the meeting the next morning, 
an assistant walked them into that particular conference room and left them 
alone for 30 minutes. When the team came in to conduct the negotiations, 
the deal had already been lost . 

Visual risks to information take some creative forms, because 
competitive intelligence professionals aggressively seek out opportunities 
to retrieve information through visual means. In one case, two senior 
executives from competing companies had been holding secret discussions on 
a possible merger. A third competitor had heard rumors and learned that a 
decision was going to be made when the two executives met for dinner. The 
third company learned the location of the restaurant, evaluated the 
possible courses of action, and hired two lip readers to "listen in" on the 
conversation by watching and recording what was said. 

Many other forms of creative observation could be categorized as 
visual risks. For example, corporate intelligence practitioners trying to 
determine what a competitor is doing might count railcars or even measure 
the compression of the rust on the rails to determine how full the cars 

Physical. Physical risks to proprietary information take several 
forms. The simplest is that lax visitor controls can lead to unauthorized 
persons walking through facilities without an escort, making it easy for 
anyone to look for security weaknesses or gather intelligence and then walk 
out unobserved. Other physical risks may involve attempts to defeat access 
controls or steal laptops. More sophisticated intelligence gathering 
efforts may also be used, such as when visitors to pharmaceutical companies 
apply a sticky substance to their shoes so that they can pick up dust and 
analyze it to determine its chemical composition. 

Physical risks can also arise from the careless disposal of 
materials. Early drafts of sensitive memos might be tossed into recycling 
bins, and trash companies may not securely transport the material or shred 
it before mining it over to the recycler. 

Electronic. While verbal, visual, and physical risks to information 
date back to the beginning of knowledge itself, the computer age has 
brought with it the greatest new risk to a company's proprietary data. It 
is that today's proprietary information increasingly resides as electronic 
bits and bytes within the company's networked computer system. 

The electronic environment is full of exposures. In simple terms, if 
a company's computer network is connected to the outside world, as most now 
are, that system can be hacked into from anywhere in the world. 

While no perfect safeguards exist, the most common problem is that 
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companies do not properly configure their systems to close known loopholes 
and monitor for signs of unauthorized entry. Hackers constantly scan 
networks worldwide looking for misconf igured systems they can exploit. 
Almost anyone can use sophisticated programming tools to analyze a system 
for vulnerabilities. These attacks are delivered using back doors, trusted 
links, the Internet, and insiders. 

Electronic means can often be used to circumvent a company's 
physical protections. For instance, the increased use of computers in 
telephony raises the question of whether a company's telephone switch is 
electronically isolated from the information network. Other concerns 
include what is posted on the company's Web page and whether employees are 
educated on the use of online chat rooms, stock message boards, and so on, 
both at work and at home. 

Imagine that an employee gets involved in "cheerleading" company 
stock online and in doing so reveals future plans that are not publicly 
available. In addition to the loss of proprietary information, there may be 
Securities and Exchange Commission violations to contend with. 

Security managers should also be concerned about who is connecting 
to the company's networks, including the corporate intranet. 
With the growing use of consultants and service 

providers who need access to the intranet as part of their jobs, 
proprietary information is at higher risk. 

Management should determine whether different business 
units meet a common minimum standard for security or whether one can be 
exploited against another. In a multidivision, decentralized 
company, weaknesses in one division's IT infrastructure might be 
exploited to penetrate another's computers. 
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Business Editors 

LENEXA, Kan.-- (BUSINESS WIRE)— Aug. 31, 2001 
LabOne, Inc. (Nasdaq : LABS ) : 

Acquisition Further Strengthens LabOne ' s Position as a Leading 
Provider of Cost-Ef f ective and Competitive Risk Assessment Services 
to the Life Insurance Industry 

LabOne Receives Financing Facility Totaling $80 Million From Welsh, 
Carson, Anderson & Stowe 

LabOne, Inc. (Nasdaq : LABS ) today announces the acquisition of Osborn 
Group, Inc., Olathe, Kan., a wholly owned subsidiary of ChoicePoint, Inc. 
(NYSE:CPS), for $49 million in cash. 

Osborn Group is a leading provider of risk assessment services to 
the life insurance industry, with approximately $37 million in annual 

LabOne is a leading provider of risk assessment services to the 
insurance industry, laboratory testing and other services for the 
healthcare industry and substance abuse testing services for employers. Its 
risk assessment services include high-quality laboratory testing, 
investigative services, teleunderwr it ing, underwriting case management, and 
paramedical examinations. These services provide critical data for the 
underwriting of insurance policies and claims processing. With this 
acquisition, LabOne will have a combined revenue base of $250 million and 
will annually perform laboratory testing for approximately 10 million 
individuals for its risk assessment, healthcare and substance abuse testing 
clients. Due to operational overlap, LabOne expects to generate $5 to $10 
million of annual cost savings from the acquisition. 

"We are excited about the opportunity that this acquisition provides 
for LabOne and Osborn customers, employees, and our shareholders, " said W. 
Thomas Grant II, the chairman, president and CEO of LabOne. "The 
combination of these two companies will allow us to utilize excess 
laboratory capacity and integrate our services and information technology 
platforms providing a broader array of services for our customers." 

Welsh, Carson, Anderson & Stowe (WCAS) will invest a total of 
$50 million in preferred equity and subordinated debt in LabOne to fund the 
acquisition and related expenses of the transaction. In addition, WCAS 
maintains a right of first refusal to invest an additional $30 million in 
LabOne to fund future acquisitions. WCAS will invest $14 million in 
convertible preferred equity, $21 million in preferred equity, and $15 
million in subordinated debt. The convertible preferred equity will be a 
Series B Convertible Preferred Stock, which will have a conversion price of 
$8.32 and a coupon of 8.0%, payable in kind. The preferred equity will have 
a coupon of 18%, payable in kind, and, upon receipt of shareholder 
approval, will convert to Series B Convertible Preferred Stock. The 
subordinated debt will pay a cash coupon of 11%. In addition, WCAS will 
receive 350,000 warrants with a nominal strike price. 

LabOne will immediately seek a board-recommended vote from its 
shareholders to convert the preferred equity to Series B Convertible 
Preferred Stock, which will allow WCAS to directly nominate or elect three 
members and jointly nominate another member of a newly constituted 
seven-member board of directors. Of the three WCAS board members, up to two 
may be directly elected by WCAS and the other (s) may be nominated by WCAS 
for election by the common shareholders. Upon shareholder approval, WCAS 
will hold approximately 29% of the outstanding equity of the Company. 
Additionally, the executive committee of the new board of directors will be 
composed of W. Thomas Grant II, James R. Seward, currently a director, and 
Paul B. Queally, WCAS. 

"We are excited to have a world-class firm like Welsh, Carson, 
Anderson, & Stowe as our partner," said Mr. Grant. "The firm's 
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extensive healthcare investing experience, market credibility, and 
significant capital resources will greatly enhance our ability to execute 
our long-term growth strategy. They have proven to be excellent partners in 
the building of healthcare companies and creating value for all 
shareholders . " 

"We are very enthusiastic about the opportunity to partner with 
LabOne in this transaction, which creates an exciting and well-positioned 
services company," said a WCAS spokesperson. "LabOne is already 
a preeminent provider of risk assessment services and 

this transaction will enhance its strategic position and create additional 
growth opportunities." 

About LabOne, Inc. 

LabOne is a national laboratory testing and information 
service provider with three divisions: 
risk assessment services, healthcare and substance 
abuse testing. The risk assessment division, with its 
ExamOne and SBSI subsidiaries, provides proprietary information 
technologies CaseView and LabOne NET (TM) , and CaseOne case management 
service, to life and health insurance companies. These services include 
laboratory test results, paramedical examinations, attending physician 
statements, motor vehicle reports, background inspections and personal 
history interviews. LabOne ' s healthcare division provides medical 
diagnostic testing and related services to physicians and managed care 
organizations, and to benefit providers through its unique Lab Card (R) 
employee benefit program. The healthcare division's disease management 
reporting is specifically designed to provide managed care clients with 
HEDIS data necessary for their NCQA accreditation. The company's substance 
abuse testing division provides drug testing services to Fortune 1000 
employers and markets Intercept (TM) , the oral fluid drug test, in the 
workplace drug testing market. The company's web site is located at 
www . LabOne . com . 

About Welsh, Carson, Anderson, & Stowe 

Welsh, Carson, Anderson, & Stowe, a New York-based private 
equity firm founded in 1979, has organized 12 partnerships with total 
capital of $12 billion. WCAS focuses on three industries: 
telecommunications, information services and healthcare. Some of WCAS' 
healthcare portfolio companies include Triad Hospitals Inc., Pediatrix 
Medical Group Inc., Select Medical Corp., MedCath Corporation, Fresenius 
Medical Care AG, and United Surgical Partners Inc. 

Forward-Looking Statements 

This press release contains "forward-looking statements, " including, 
but not limited to, assumptions, estimates and projections concerning cost 
savings and revenue and earnings growth. Forward-looking statements often 
can be identified by the use of forward-looking terminology, such as 
"believes," "expects," "may," "will," "should," "could," "intends," 
"plans," "estimates," "anticipates," variations thereof, or similar 
expressions. These statements are not guarantees of the future performance, 
and the Company's future results of operations, financial condition and 
business operations may differ materially from those expressed in these 
forward-looking statements. Many factors could cause actual results to 
differ materially from those that may be expressed or implied in such 
forward-looking statements, including, but not limited to, the ability to 
achieve labor and other cost reductions, the ability to integrate the 
laboratory and other operations of the companies, the ability to retain 
customers of Osborn, general economic conditions and other factors detailed 
from time to time in the Company's reports and registration statements 
filed with the Securities and Exchange Commission. Investors are cautioned 
not to put undue reliance on any forward-looking statement. 

COPYRIGHT 2001 Business Wire 

COPYRIGHT 2001 Gale Group 
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While the convoluted palaver of the torrent of privacy notices 
flooding consumers' mailboxes may make great fodder for late-night 
comedians, insurance regulators think it is no laughing matter. 

With that in mind the newly revived Privacy Working Group has announced 
the formation of a task force to draft consumer model notices. 

"It is critical that consumers know how to exercise their privacy 
rights so that the will feel safe in the knowledge that their privacy is 
protected in accordance with the law, " said Gregory Serio, the New York 
commissioner who co-chairs the panel. 

He said the panel will draft a model privacy notices that are 
"understandable, while ensuring operational uniformity which will 
eliminate needless duplication." 

Task force members will be asked to make recommendations to the 
Privacy Working Group during the National Association of Insurance 
Commissioners fall meeting in Boston. 

"The task force's review is needed more than ever to demystify the 
privacy issue and the complexities of the privacy notices consumers are 
now receiving," said co-chair Kathleen Sebelius, who also serves as NAIC 
president and Kansas commissioner. 

Industry representatives reacted warily to revisiting many of the 
issues that were dealt with last year when the panel was in the process of 
approving the model regulation. 

Rey Becker, vice president of the Alliance of American Insurers 
urged the NAIC to exercise caution. 

"Last year during the NAIC ' s development of the model regulation, 
the Alliance repeatedly warned that the volume and level of detail 
required for privacy notices, as well as the unnecessarily broad universe 
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of required recipients, would backfire. The model included some limited 
boilerplate language example, which many insurers used in good faith. The 
time for the NAIC to have drafted more comprehensive boilerplate was 
before insurers spent millions of dollars, not after, " Becker said. 

The September deadline also aroused some concern as a "rushing" of 
the process. 

"Federal agencies are still working on affiliate disclosure opt-out 
rules under the Fair Credit Reporting Act. Surely, this can wait until we 
see what the Feds are planning to require from banks, securities and 
insurers alike," he said. 

Kathleen Jensen, senior counsel for the National Association of 
Independent Insurers, will serve on the task force. She took a more 
sanguine view of the revision process. 

"It is not clear yet how the drafts will ultimately affect the 
industry. I plan to recommend that the drafts developed not be made 
mandatory but rather be available to any company that needs assistance in 
developing or reworking a privacy notice," she said. "Possibly an upside 
for a company utilizing the 'model notice' would be that the notice would 
be a safe harbor for that company." 

In a related move the Working Group released for public comment a 
draft of the NAIC Model Regulation for Safeguarding Consumer Information. 
The model includes steps to assess, manage and control 
risk and oversees service provider 

arrangements and adjusts the program. Violations would be considered 
unfair trade practices. 

Becker noted that in regard to the aspect of controlling service 
provider contracts, no additional time for compliance is given to 
insurers, unlike comparable federal regulations that provide two years. 

Copyright c 2001 Thomson Financial. All Rights Reserved. 
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Business Editors & Medical Writers 

LENEXA, Kan. — (BUSINESS WIRE) — Aug. 6, 2001 

LabOne, Inc. (Nasdaq : LABS ) today reported record revenues of $56.0 
million for its second quarter ended June 30, 2001, an increase of $16.8 
million or 43% over the second quarter 2000. 

Risk assessment services revenues increased by $11.3 million (44%), 
healthcare increased by $3.3 million (40%) and substance abuse testing 
(SAT) increased by $2.2 million (41%). 

The company reported net income of $0.6 million, or $0.06 per share, 
compared to net income of $0.4 million, or $0.03 per share, for the second 
quarter 2000. These results include a $0.6 million pretax charge to 
amortization expense ($0.4 million after income taxes) related to the 
termination of an exclusive product distribution agreement offset by a 
favorable income tax adjustment of $0.4 million. EBITDA for the quarter 
increased 17% to $5.1 million compared to $4.3 million last year. 

"We continue to realize substantial growth in revenues and increased 
laboratory testing volumes across all service lines," said W. Thomas Grant 
II, chairman, president and CEO of LabOne. "We believe that these 
increases, combined with our commitment to improve efficiencies through 
automation and advanced technology solutions, will translate into 
meaningful EBITDA and earnings growth. 

"Our risk assessment services division continues to grow through the 
expansion of other requirements gathering services and our paramedical 
examinations. The revenue growth for the second quarter includes a 140% 
increase in paramedical revenues compared to last year. The healthcare 
division continues to benefit from increased adoption of the Lab Card(R) 
product and our regionally focused physician marketing initiatives. The 
substance abuse testing division's client base continues to expand, 
particularly with the increase in oral fluid-based testing." 

LabOne will make available additional audio comments about the 
second-quarter results from W. Thomas Grant II, John W. McCarty, executive 
vice president and CFO, and Michael J. Asselta, executive vice president 
and COO, on a dial-in conference line. To hear the conference call, dial 
877/222-9794 at 10 a.m. Eastern time, August 6. The call will remain 
available at this number for an unspecified period and will be available on 
the company's web site at www.LabOne.com. 

About LabOne, Inc. 

LabOne is a national laboratory testing and information 
service provider with three divisions: 
risk assessment services, healthcare and substance 
abuse testing. The risk assessment division, with its 
ExamOne and SBSI subsidiaries, provides proprietary information 
technologies CaseView and LabOne NET (TM) , and CaseOne case management 
service, to life and health insurance companies. These services include 
laboratory test results, paramedical examinations, attending physician 

history interviews. LabOne ' s healthcare division provides medical 
diagnostic testing and related services to physicians and managed care 
organizations, and to benefit providers through its unique Lab Card (R) 
employee benefit program. The healthcare division's disease management 
reporting is specifically designed to provide managed care clients with 
HEDIS data necessary for their NCQA accreditation. The company's substance 
abuse testing division provides drug testing services to Fortune 1000 
employers and markets Intercept (TM) , the oral fluid drug test, in the 
workplace drug testing market. The company's web site is located at 
www . LabOne . com . 
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Forward- Looking Statements 

This press release contains "forward-looking statements," including, 
but not limited to, projections and statements of revenues, EBITDA and 
earnings growth. Forward-looking statements often can be identified by the 
use of forward-looking terminology, such as "believes," "expects," "may," 
"will," "should," "could," "intends," "plans," "estimates," "anticipates," 
variations thereof, or similar expressions. The Company's future results of 
operations, financial condition and business operations may differ 
materially from those expressed in these forward-looking statements. Many 
factors could cause actual results to differ materially from those that may 
be expressed or implied in such forward-looking statements, including, but 
not limited to, the volume and pricing of laboratory tests performed by 
LabOne, competition, the extent of market acceptance of the Company's 
healthcare and substance abuse testing and related services, changes in 
government regulations and attitude toward regulation of the Company's 
services, general economic conditions and other factors detailed from time 
to time in the Company's reports and registration statements filed with the 
Securities and Exchange Commission. Investors are cautioned not to put 
undue reliance on any forward-looking statement . 

Selected Financial Data 



2001 2000 (Decrease) 2001 2000 (Decrease) 

Sales $56,015,152 39,161,019 43% $106,059,955 79,742,069 33% 

Net 

earnings $604,012 363,620 66% $1,001,021 781,237 28% 

Basic earnings 
per common 

share $ 0.06 0.03 $ 0.09 0.07 

Diluted earnings 
per common 

share $ 0.06 0.03 $ 0.09 0.07 

Total assets $131,883,709 119,365,594 

Working capital $ 27,281,514 18,926,714 

Consolidated Balance Sheets 



ASSETS 

Current assets: 

Cash and cash equivalents $3,061,587 $1,571,734 

Accounts receivable — trade, net of 

allowance for doubtful accounts of 

$3,043,821 in 2001 and $4,406,612 

in 2000 38,805,511 33,916,445 

Income taxes receivable — 2,065,750 

Inventories 4,293,689 3,276,794 

>t her current assets 3,681,656 3,948,390 
2,057,088 2,740,824 



Total current assets 51,899,531 47,519,937 

Property, plant and equipment 92,775,500 89,244,999 

Less accumulated depreciation 47,176,191 43,936,028 

Net property, plant and equipment 45,599,309 45,308,971 
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Other assets: 
Intangible assets, net 
amortization 

amortization of $49,492 ii 
$40, 758 in 2000 
Deposits and other assets 

Total assets 



142, 654 
93, 456 



34, 728, 755 



151, 388 
270, 124 



$131,883,709 $127,979,175 



LIABILITIES AND STOCKHOLDERS' 
Current liabilities: 

Accounts payable 

Accrued payroll and benefits 

Other accrued expenses 

Income taxes payable 

Other current liabilities 

Notes payable 

Current portion of long-term 

Total current liabilities 
Deferred income taxes 
Long-term payable 
Long-term debt 

Total liabilities 

Stockholders' equity: 
Preferred stock, $.01 par value per 
share; 3,000,000 shares authorized, 

Common stock, $.01 par value per share; 

40,000,000 shares authorized, 

13,050,020 shares issued 
Additional paid-in capital 
Equity adjustment from foreign currency 

translation 
Retained earnings 



Less treasury stock of 2,271,710 shares 
in 2001 and 2,324,671 shares in 2000 

Total stockholders ' equity 

Total liabilities and stockholders' 



$15, 506, 070 
5, 410, 192 
1, 244, 163 
270,296 
261, 440 
50, 000 
1, 875, 856 

24, 618, 017 
1,228,845 
1,274,415 

38, 417, 297 

65, 538, 574 



130, 500 
31, 188, 140 

(830, 132) 
70, 235, 905 

100, 724,413 

34, 379,278 

66, 345, 135 



$14, 516, 703 
4, 457, 136 
1, 714, 033 

279, 228 
81,250 
1, 878, 845 

22, 927, 195 
1, 663, 669 
1, 274, 415 

37, 402, 934 

63, 268,213 



130, 500 
31, 609, 884 

(832, 280) 
69, 234, 884 

100, 142, 988 

35, 432, 026 

64, 710, 962 



$131,883,709 $127,979,175 



Consolidated Statements of Earnings 



Six Months Ended 

June 30, 
2001 2000 

$ 56,015,152 39,161,019 $106,059,955 79,742,069 



Quarter Ended 
June 30, 
2001 2000 



Sales 

Cost of sales 

Cost of sales expenses 38,892,963 25,186,182 

Depreciation expense 695,656 594,762 
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Total cost of sales 39,588,619 25,780,944 



74,578,848 52,364,300 



Gross profit 16,426,533 13,380,075 31,481,107 27,377,769 

Selling, general and 
administrative 
Selling, general and 
administrative 

expenses 12,053,901 9,646,865 23,054,458 20,051,852 

Depreciation expense 1,197,860 1,008,215 2,392,049 1,937,806 

Amortization expense 1,686,373 1,047,061 2,739,614 2,083,420 

Total selling, general 

and administrative 14,938,134 11,702,141 28,186,121 24,073,078 

Earnings from 

operations 1,488,399 1,677,934 3,294,986 3,304,691 

Interest expense (561, 995) (602, 866) ( 1 , 2 12 , 2 28 ) ( 1 , 0 98 , 14 5 ) 

Interest income and other 53,441 15,222 148,399 40,397 

Earnings before income 

taxes 979,845 1,090,290 2,231,157 2,246,943 

Income tax expense 375,833 726,670 1,230,136 1,465,706 

Net earnings $ 604,012 363,620 $ 1,001,021 781,237 

Basic earnings per common 

share $ 0.06 0.03 $ 0.09 0.07 

Diluted earnings per 

common share $0.06 0.03 $0.09 0.07 

Basic weighted average 

outstanding 10,748,531 10,721,272 10,737,004 11,021,361 
Effect of dilutive 
securities — stock 

options 9,969 69 5,200 1,282 

Diluted weighted average 
shares 

tstanding 10,758,500 10,721,341 10,742,204 11,022,643 



COPYRIGHT 2001 Business Wire 
COPYRIGHT 2001 Gale Group 



Publisher Name: Business Wire 
Company Names: *LabOne Inc. 
Geographic Names: *1USA (United States ) 
Product Names: *7397000 (Testing Laboratories) 

Industry Names: BUS (Business, General); BUSN (Any type of business ) 

SIC Codes: 8734 (Testing laboratories ) 

NAICS Codes: 54138 (Testing Laboratories ) 

Ticker Symbols: HORL 

Special Features: LOB; COMPANY 



35 



3/9/34 (Item 34 from file: 16) 

08826983 ? ?Supplier Number: 76722879 
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Business Editors 

LENEXA, Kan . — (BUSINESS WIRE) —July 24, 2001 

LabOne, Inc. (Nasdaq: LABS) announced today that it will report 
second-quarter financial results before the open of the market August 6, 
2001 . 

LabOne will make available additional audio comments about the 
second-quarter results from W. Thomas Grant II, chairman, president and 
CEO; John W. McCarty, executive vice president and CFO; and Mike Asselta, 
executive vice president and COO, on a dial-in conference line. To hear the 
conference call, dial 1-8 77/222-97 94 at 10 a.m. Eastern, August 6. 
Following the call, the comments will be available on a dial-in basis at 
the same toll free number and as a download file from the 
company's web site at www.LabOne.com. 

About LabOne, Inc. 

LabOne is a national laboratory testing and information 
service provider with three divisions: insurance 
services, healthcare and substance abuse testing. The risk 
assessment division, with its ExamOne and SBSI subsidiaries, 
provides proprietary information technologies CaseView and LabOne NET (TM) , 
and CaseOne case management service, to life and health insurance 
companies. These services include laboratory test results, paramedical 
examinations, attending physician statements, motor vehicle reports, 
background inspections and personal history interviews. LabOne ' s healthcare 
division provides medical diagnostic testing and related services to 
physicians and managed care organizations, and to benefit providers through 
its unique Lab Card(R) employee benefit program. The healthcare division's 
disease management reporting is specifically designed to provide managed 
care clients with HEDIS data necessary for their NCQA accreditation. The 
company's substance abuse testing division provides drug testing services 
to Fortune 1000 employers and markets Intercept (TM) , the oral fluid drug 
test, in the workplace drug testing market. The company's web site is 
located at www.LabOne.com. 

Forward- Looking Statements 

This press release may contain "forward-looking statements," as well 
as historical information. Forward-looking statements include projections, 
statements of plans and objectives, statements of future economic 
performance and statements of assumptions underlying such statements. 
Forward-looking statements involve known and unknown risks and 
uncertainties. Many factors could cause actual results to differ materially 
from those that may be expressed or implied in such forward-looking 
statements, including, but not limited to, the volume and pricing of 
laboratory tests performed by LabOne, competition, the extent of market 
acceptance of the Company's testing services in the healthcare and 
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substance abuse testing industries, general economic conditions and other 
factors detailed from time to time in the Company's reports and 
registration statements filed with the Securities and Exchange Commission. 
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DES PLAINES , 111., April 23 /PRNewswire Interactive News Release/ — United 
Stationers Inc. (Nasdaq: USTR) reported earnings per share of $0.64 for its 
first quarter ended March 31, 2001, compared with $0.69 in the first 
quarter of 2000. Net income for the latest three months was $21.6 million, 
down from $23.9 million in the comparable prior-year quarter. Net sales for 
the period reached a record $1.1 billion, up 6.5% compared with sales of 
$995 million for the first three months of 2000. 

Randall W. Larrimore, president and chief executive officer, said, "We 
experienced moderate sales growth in our core business due to the softer 
economy, one fewer workday in the quarter, and comparisons against 
extremely strong growth in the prior year. 

"The primary difference in income from operations between the first 
quarters of 2000 and 2001 was a $6.8 million loss for The Order People in 
the current quarter. Excluding this, the company would have achieved 
earnings per share of $0.77, representing an 11.6% increase over the first 
quarter of the prior year. 

"We remain confident that there is a long-term market opportunity for 
the fulfillment and customer relationship management (CRM) services offered 
by The Order People. However, we are taking actions to lower its overall 
cost structure to reflect the longer sales cycle and slower ramp-up of 
revenues. In addition, we've named Mark Hampton as President and Chief 
Operating Officer of The Order People. Mark brings a broad business 
perspective, after running a start-up operation for another company, and 
leading several business units during his time at United. Mark replaces 
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John Kennedy who resigned," added Larrimore . 

"We will continue to examine The Order People's cost structure, making 
further adjustments as necessary. However, we expect it to post another 
operating loss of between $6-7 million for the second quarter. We also 
continue to implement company-wide cost-reduction programs. While the near- 
term is challenging, we remain optimistic about our long-term growth 
potential," concluded Larrimore. 

Conference Call 

United Stationers will host a conference call on Tuesday, April 24, at 
9:00 a.m. (Central Time) to discuss first quarter performance. To listen to 
the conference call, visit the investor relations section of the company's 
Website at http://www.unitedstationers.com at least 15 minutes before the 
call, and follow the instructions provided to ensure that the necessary 
audio application is downloaded and installed. This program is provided at 
no charge to the user. In addition, interested parties can access an 
archived version of the call, which will also be located on the investor 
relations section of United Stationers' Website, approximately two hours 
after the call's conclusion and for the following week. 

Forward-looking Statements 

With the exception of statements on historical events, the information 
presented in this news release contains forward-looking statements within 
the meaning of Section 21E of the Securities Exchange Act of 1934, as 
amended. These statements involve risks and uncertainties that could cause 
actual results to differ materially from the information presented here. 
The risks and uncertainties affecting this release include, but 
are not limited to, assessing the market potential for 
third-party service providers, the timing of revenue 
generation, the ability of the company to quickly adjust the 
cost structure of The Order People and the success of The Order People and 
e-NITED, the integration of acquisitions, changes in end-users' demands for 
business products, customer credit risk, the effects of fluctuations in 
manufacturers' pricing, general economic conditions, and the highly 
competitive environment in which the company operates. A description of 
these and other factors that could affect the company's business are set 
forth in filings with the Securities and Exchange Commission including the 
company's latest 10-K and 10-Q. The company's SEC filings are readily 
available at http://www.sec.gov . 

Company Overview 

United Stationers Inc., with trailing twelve months sales of $4.0 
billion, is North America's largest distributor of business products and a 
provider of marketing and logistics services to resellers. Its integrated 
computer-based distribution system makes more than 40,000 items available 
to 20,000 resellers. United is able to ship products within 24 hours of 
order placement because of its 39 United Stationers Supply Co. regional 
distribution centers, 28 Lagasse distribution centers that serve the 
janitorial and sanitation industry, six Azerty distribution centers that 
serve computer supply resellers, three distribution centers that serve the 
Canadian marketplace and a dedicated distribution center serving clients of 
The Order People. Its focus on fulfillment excellence has given the company 
a 98% order fill rate, a 99.5% order accuracy rate, and a 99% on-time 
delivery rate. For more information, visit http://www.unitedstationers.com 

The company's common stock trades on the Nasdaq National Market System 
under the symbol USTR and is included in the S&P SmallCap 600 Index. 
United Stationers Inc. and Subsidiaries Condensed Consolidated Statements 
of Income (in thousands, except per share data) (unaudited) For the Three 
Months Ended March 31, 2001 2000 Net sales $1,059,842 $ 994,883 Cost of 
goods sold 893,719 836,753 Gross profit 166,123 158,130 Operating expenses: 
Warehousing, marketing and administrative expenses 119,742 107,726 Income 
from operations 46,381 50,404 Interest expense, net 8,055 7,414 Other 
expense 2,484 2,646 Income before income taxes 35,842 40,344 Income taxes 
14,229 16,420 Net income $21,613 $23,924 Net income per share - assuming 
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dilution $0.64 $0.69 Average number of common shares - assuming dilution 
33,600 34,751 United Stationers Inc. and Subsidiaries Condensed 
Consolidated Balance Sheets (dollars in thousands, except share data) 
(unaudited) March 31, 2001 2000 ASSETS Current assets: Cash and cash 
equivalents $31,225 $28,829 Accounts receivable, net 303,591 265,302 
Inventories 635,129 583,089 Other current assets 23,264 23,469 Total 
current assets 993,209 900,689 Property, plant and equipment, net 195,906 
169,077 Goodwill, net 195,156 180,143 Other 22,205 18,115 Total assets $ 
1,406,476 $1,268,024 LIABILITIES AND STOCKHOLDERS' EQUITY Current 
liabilities: Accounts payable $363,762 $337,857 Accrued liabilities 129,390 
144,745 Current maturities of long-term debt 42,287 10,585 Total current 
liabilities 535,439 493,187 Deferred income taxes 23,141 29,010 Long-term 
obligations 353,425 315,100 Total liabilities 912,005 837,297 Stockholders' 
equity: Common stock (voting), $0.10 par value; authorized - 100,000,000 
shares, issued - 37,213,207 shares in 2001 and 2000 3,721 3,721 Additional 
paid-in capital 299,397 303,214 Treasury stock, at cost - 3,918,558 shares 
in 2001 and 3,170,699 in 2000 (70,689) (48,395) Retained earnings 262,042 
172,187 Total stockholders' equity 494,471 430,727 Total liabilities and 
stockholders' equity $1,406,476 $1,268,024 MAKE YOUR OPINION COUNT - Click 
Here http : / /tbutton . prnewswire . com/prn/ 11 690X55 47 08 73 

/CONTACT: Kathleen S. Dvorak, Sr. Vice President, Investor Relations 
and Financial Administration, or Eileen A. Kamerick, Executive Vice 
President, Chief Financial Officer, both of United Stationers Inc., 
847-699-5000/ 18:30 EDT 

Copyright 2001 PR Newswire . Source: World Reporter (Trade Mark). 
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VIENNA, Va., Apr 12, 2001 (BUSINESS WIRE) 

- SCENDIS, a mult i- service 
strategic human resources consulting company and provider of corporate 
e-Learning products, unveiled two new Web-based training modules that 

sensitive areas of employee behavior. 

SCENDIS' "Responding to Conflict" and "Preventing Workplace Harassment" 
modules are the newest additions to the company's "Mastering Business 
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Skills" 

and "Managing Compliance" series 



"As today's workplace evolved, employees interact with co-workers from a 

range of ethnic and social backgrounds. While this growing diversity 
contributes to the richness of the workplace, it also opens the door for 
misunderstanding, discrimination or even harassment," says Karetta Hubbard, 
co-CEO of SCENDIS. "These undesirable behaviors create an uncomfortable 

environment, reduce productivity, and can lead to employee litigation." 
Situations can get even more sensitive in a tough economy. With many 
companies 

experiencing layoffs and low morale, the need for cost-effective training 
programs that mitigate conflict and enhance working relationships 



This is especially true for companies with flat organizational structures, 

which managers may not be available to intervene in situations that may 
involve conflict or harassment. 

"With middle-management positions being eliminated at many companies in the 
current economic climate, the ability to deliver training over the Web in a 
way that requires a minimum of management's time offers flexibility and 
privacy benefits that traditional training programs can't deliver," says 
Lynne 

Revo-Cohen, co-CEO of SCENDIS. 

"The "Responding to Conflict' training helps organizations improve 
productivity and teamwork by demonstrating ways to respond constructively 
to 

emerging conflicts. It uses the proven three-step method of accept, 
understand 

and resolve." she adds. "With our "Preventing Workplace Harassment' course, 
people learn how to recognize, and then avoid, actions that constitute — or 

be perceived as — harassment." 

With the new SCENDIS modules — as well as other elements of the "Mastering 
Business Skills" and "Managing Compliance" series — companies can have their 
own corporate introduction, human resource policies and procedures 
integrated 

into the SCENDIS programs. 

Video clips of a company executive can underscore intimately the importance 
of 

the training and relate it to the company's specific corporate objectives. 

The modules use a series of interactive video exercises with real life 
business scenarios and believable characters to train users to 
constructively 

respond to and deal with conflict and harassment. Users learn by 
self-discovery of information and by responding to situations and exploring 

As with other SCENDIS training programs, the new modules include both 
pre-surveys and post-training tests to let participants assess themselves 
before and after the training. The modules also provide training reports 
for 

management . 
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SCENDIS' Web-based training programs are powered by the company's ALEX(TM) 
technology platform, developed specifically for delivering online programs 

the web. Reflecting the diverse nature of the workforce today, video 
sequences 

in the programs feature role-playing characters from a variety of ethnic 
social backgrounds. 
About SCENDIS 

SCE1TDIS, formerly Hubbard & Revo-Cohen, is an intellectual capital 

provider specializing in high-risk workplace issues. 
The company strategically 

integrates consulting expertise and technology to deliver the next wave of 

proactive Strategic Planning, Assessment, Skill Building and 

customized 

e-learning products to assist employers and talent in creating the 

workplace 

of choice. 

SCENDIS' technology product, powered by ALEX(TM), is a proven, highly 
sophisticated software platform with more than 100,000 users. Headquartered 

the Washington, D.C. metropolitan area, SCENDIS was the winner of the 
Fairfax 

County Chamber of Commerce "Blue Diamond Award" for the best technology 
company of the year. 

CONTACT: SCENDIS 

Elizabeth Hubbard, 212/414-1960 

ehubbardSscendis . com 

by 

RMR & Associates 

Susan Yum, 301/217-0 0 0 9, x40 

syumdrmr . com 

URL: http://www.businesswire.com 
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TruSecure Delivers First and Only Web-Based Service 
for Central Management of 

Comprehensive Enterprise Security Ef f orts-TruSecure 2001 provides 
management 

console to oversee integrated program for continuous identification and 
mitigation of security risks 

RESTON, Va., Apr 10, 2001 (BUSINESS WIRE) — TruSecure Corporation, the 
leader 

in information security assurance, today introduced the first service that 
enables organizations to centrally manage an enterprise-wide program that 
identifies risk to their critical IT assets, mitigates that risk, then 
maintains an essential level of ongoing security "health." TruSecure 2001 
leverages a patent-pending Web-based method for integrating people, 
technology 

and processes into a continuous, coordinated and prioritized risk 

management 

program . 

"TruSecure 2001 empowers us to integrate the disparate aspects of our 

work, thereby more effectively mitigating our risk, " said Jeff Brewer, lead 
security analyst at Fiserv in Atlanta, GA. "For the first time, we can 
capture 

a real return on our security management investment." 

TruSecure 2001 assures ongoing information security in a preventive manner, 
before threats become problems. Real-time updates to TruSecure ' s essential 
security practices, accessible through the Web-based console, enable 
organizations to effectively manage security in a constantly changing 
environment. TruSecure 1 s unique Object-Oriented Security Model creates a 

accurate enterprise risk assessment and 

determines the "right level" of 

security controls by identifying the relationships between networks, 
devices, 

applications, people and physical locations. Unlike solutions offered by 

managed service providers and consulting firms, 
TruSecure 2001 is a 

fixed-price, annualized subscription service that utilizes a patent -pending 
automated software model and database to continuously map a customer's IT 
infrastructure against a set of essential security practices. Once 

practices are successfully implemented, the customer receives 
industry-recognized certification, providing them confidence and assurance 
that their mission-critical e-business systems and applications are 
hardened 

against " cyberthreats . " 

TruSecure 2001' s console provides CIOs and chief security officers a 
window into the organization's status and progress towards complying with 
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TruSecure's essential security practices. This Web-based interface provides 
layered views and drill-down capabilities from the enterprise to the 
subsidiary, division, department or individual device level. 

"TruSecure's approach provides a systematic way to manage enterprise 

that can be tailored to each customer's specific needs," said Peter 
Lindstrom, 

senior analyst with the Hurwitz Group. "In a sense, TruSecure is providing 
ongoing certification of an organization's security readiness." 

TruSecure enhances traditional security methods by integrating all phases 
of a 

risk management program through a patent-pending Object-Oriented Security 
Model. This approach efficiently crafts a customized security program 
around 

the unique interactions between devices, users and physical locations that 
define an organization. Those phases are: 

IDENTIFY - Inventory of critical assets through electronic scanning and 
interviews . 

ASSESS - Assessment of risks, including risks from hacking, viruses and 

physical threats, privacy issues, downtime and human factors. 

PROTECT - Creation of a customized program of security controls to reduce 
identified risks, accessible through a Web-based management interface. 

ASSURE - Maintenance of effective security program over time, through 
continual revalidation of security posture and constant monitoring of 
emerging 
risks . 

"Many organizations struggle with the complexities of defining, 
prioritizing 

and managing an ongoing information security program, " said David Capuano, 
vice president of product management. "TruSecure's cost-effective 
methodologies, continuous process and unmatched risk forecasting enable 
organizations to achieve and maintain an effective security posture while 
focusing their attention on their core business." 

Pricing and Availability 

TruSecure 2001 is provided on a fixed-price annual subscription-based model 
and is available immediately. 

About TruSecure Corporation 

TruSecure provides global 10, 000 companies with comprehensive enterprise 
risk 

management programs that assure the ongoing security of their critical 
systems 

and information. By integrating disparate security products and processes 

a comprehensive risk management program, TruSecure helps hundreds of 
companies 

achieve greater risk reduction at lower cost. TruSecure's ICSA Labs is the 
security industry's central authority for product standards and testing, 

today certifies more than 95% of the market's anti-virus software, network 
firewalls, cryptography and IPSec products. Based in Reston, VA, TruSecure 
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Corporation is privately-held with investors including J. & W. Seligman 
& Co . , 

J. P. Morgan Partners, Weston Presidio Capital, Greylock and WaldenVC. 

For more information about TruSecure please visit www.trusecure.com. 

CONTACT: Susan Lee 

TruSecure Corporation 

703/453-0578 

slee@trusecure.com 

Jason Morris/Beth Grupp 
Schwartz Communications, Inc. 
781/684-0770 

t ruse cure Sschwart z-pr . com 
URL: http://www.businesswire.com 
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RESTON, Va. — (BUSINESS WIRE)— April 10, 2001 — 

TruSecure 2001 provides management console to oversee integrated 
program for continuous identification and mitigation of security risks 

TruSecure Corporation, the leader in information security assurance, today 
introduced the first service that enables organizations to centrally manage 
an enterprise-wide program that identifies risk to their critical IT 
assets, mitigates that risk, then maintains an essential level of ongoing 
security "health." TruSecure 2001 leverages a patent-pending Web-based 
method for integrating people, technology and processes into a continuous, 
coordinated and prioritized risk management program. 

"TruSecure 2001 empowers us to integrate the disparate aspects of our 
security work, thereby more effectively mitigating our risk," said Jeff 
Brewer, lead security analyst at Fiserv in Atlanta, GA. "For the first 
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time, we can capture a real return on our security management investment." 

TruSecure 2001 assures ongoing information security in a preventive 
manner, before threats become problems. Real-time updates to TruSecure ' s 
essential security practices, accessible through the Web-based console, 
enable organizations to effectively manage security in a constantly 
changing environment. TruSecure ' s unique Object-Oriented Security Model 
creates a more accurate enterprise risk 
assessment and determines the "right level" of 

security controls by identifying the relationships between networks, 
devices, applications, people and physical locations. Unlike solutions 
offered by other managed service providers and 

consulting firms, TruSecure 2001 is a fixed-price, annualized subscription 
service that utilizes a patent-pending automated software model and 
database to continuously map a customer's IT infrastructure against a set 
of essential security practices. Once TruSecure practices are successfully 
implemented, the customer receives industry-recognized certification, 
providing them confidence and assurance that their mission-critical 
e-business systems and applications are hardened against " cyberthreat s . " 

TruSecure 2001 's console provides CIOs and chief security officers a 
real-time window into the organization's status and progress towards 
complying with TruSecure ' s essential security practices. This Web-based 
interface provides layered views and drill-down capabilities from the 
enterprise to the subsidiary, division, department or individual device 
level. 

"TruSecure 's approach provides a systematic way to manage enterprise 
security that can be tailored to each customer's specific needs," said 
Peter Lindstrom, senior analyst with the Hurwitz Group. "In a sense, 
TruSecure is providing ongoing certification of an organization's security 
readiness . " 

TruSecure enhances traditional security methods by integrating all 
phases of a risk management program through a patent-pending 
Object-Oriented Security Model. This approach efficiently crafts a 
customized security program around the unique interactions between devices, 
users and physical locations that define an organization. Those phases are: 

IDENTIFY - Inventory of critical assets through electronic scanning 
and interviews. 

ASSESS - Assessment of risks, including risks from hacking, viruses 
and worms, physical threats, privacy issues, downtime and human factors. 

PROTECT - Creation of a customized program of security controls to 
reduce identified risks, accessible through a Web-based management 
interface . 

ASSURE - Maintenance of effective security program over time, through 
continual revalidation of security posture and constant monitoring of 
emerging risks. 

"Many organizations struggle with the complexities of defining, 
prioritizing and managing an ongoing information security program," said 
David Capuano, vice president of product management. "TruSecure ' s 
cost-effective methodologies, continuous process and unmatched risk 
forecasting enable organizations to achieve and maintain an effective 
security posture while focusing their attention on their core business." 

Pricing and Availability 

TruSecure 2001 is provided on a fixed-price annual subscription-based 
model and is available immediately. 
About TruSecure Corporation 

TruSecure provides global 10,000 companies with comprehensive 
enterprise risk management programs that assure the ongoing security of 
their critical systems and information. By integrating disparate security 
products and processes into a comprehensive risk management program, 
TruSecure helps hundreds of companies achieve greater risk reduction at 
lower cost. TruSecure 's ICSA Labs is the security industry's central 
authority for product standards and testing, and today certifies more than 
95% of the market's anti-virus software, network firewalls, cryptography 
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and IPSec products. Based in Reston, VA, TruSecure Corporation is 

privately-held with investors including J. & W. Seligman & Co., 

J. P. Morgan Partners, Weston Presidio Capital, Greylock and WaldenVC. 

CONTACT: Susan Lee TruSecure Corporation 703/453-0578 
slee@trusecure.com or Jason Morris/Beth Grupp Schwartz Communications, Inc. 
781/684-0 770 trusecure@5chwartz-pr.com 

10:30 EDT APRIL 10, 2001 
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DES PLAINES, 111., March 15 /PRNewswire/ — 

United Stationers Inc. (Nasdaq: USTR) announced today that based upon 
preliminary financial results for the two months ended February 28, 2001, 
the Company currently expects sales and earnings for the first quarter of 
2001 to be below the Company's previously stated goals of 6 to 9% organic 
sales growth and 15% growth in earnings per share. Sales for the two 
months ended February 28, 2001 were up 8.4%, reflecting modest growth in 
the core business as well as contributions from recent acquisitions. As a 
result of continued investments in building its logistics and fulfillment 
business, The Order People, and softness in its core business, the Company 
expects earnings per share for the first quarter to be in the range of 
$0.59 to $0.63, compared with $0.69 in the prior-year first quarter. 

Randall W. Larrimore, president and chief executive officer said, 
"For the first quarter ending March 31, 2001, the operating loss for The 
Order People will be in the range of $6.0 to $7.0 million. Excluding the 
operating loss associated with The Order People, the Company would expect 
to achieve growth in earnings per share over the first quarter of the 

"We are confident that the long-term market opportunity for the 
fulfillment and Customer Relationship Management services offered by The 
Order People is significant. However, we are taking actions to lower the 
overall cost structure of The Order People to reflect our revised 
expectations relative to the timing of the revenue stream. We will 
continue to examine the cost structure to make further adjustments, as 
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necessary. In addition, we are continuing to implement cost-reduction 
programs throughout the company. While the near-term is challenging, we 
remain optimistic about our long-term growth potential," concluded 
Larrimore . 

United Stationers Inc., with 2000 sales of $3.9 billion, is North 
America's largest distributor of business products to resellers and 
provider of marketing and logistics services. Its integrated 
computer-based distribution system makes more than 40,000 items available 
to 20,000 resellers. United is able to ship products within 24 hours of 
order placement because of its 39 United Stationers Supply Co. regional 
distribution centers, 28 Lagasse distribution centers that serve the 
janitorial and sanitation industry, six Azerty distribution centers that 
serve computer supply resellers, three distribution centers that serve the 
Canadian marketplace and a distribution center serving clients of The Order 
People. Its focus on fulfillment excellence has given the company a 98% 
order fill rate, a 99.5% order accuracy rate, and a 99% on-time delivery 
rate. For more information, visit www.unitedstationers.com . 

With the exception of statements on historical events, the 
information presented in this news release contains forward-looking 
statements within the meaning of Section 21E of the Securities Exchange Act 
of 1934, as amended. These statements involve risks and uncertainties that 
could cause actual results to differ materially from the information 
presented here. The risks and uncertainties affecting this 
release include, but are not limited to, assessing the market 
potential for third-party service providers, the 
timing of revenue generation, the ability of the company to 
quickly adjust the cost structure of The Order People and the success of 
The Order People and e-NITED, the integration of acquisitions, changes in 
end-users' demands for business products, customer credit risk, the effects 
of fluctuations in manufacturers' pricing, general economic conditions, and 
the highly competitive environment in which the company operates. A 
description of these and other factors that could affect the company's 
business are set forth in filings with the Securities and Exchange 
Commission including the company's latest 10-K and 10-Q. The company's SEC 
filings are readily available at www.sec.gov . 

The company's common stock trades on the Nasdaq National Market 
System under the symbol USTR and is included in the S&P SmallCap 600 
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Shamrock purchase of Pelephone approved 

The government yesterday formally approved the Shamrock Group's 
purchase of Motorola's half of cellular telephone service provider 
Pelephone for $590 million, including a loan of $240 million from Bezeq. 
Shamrock, the investment arm of the Roy Disney family, has acquired the 
shares on behalf of Bezeq. The phone monopoly continues to own 50% of 
Pelephone, and aspires to buy the Shamrock shares once it is privatized. 
Gwen Ackerman 

Argoquest completes $40m. financing round 

Argoquest Holdings, LLC, a Herzliya-based holding company that manages 
a network of some 60 local technology companies, said it has completed a 
$40 million first round of financing. The round was lead by Broadcom 
Corporation, which controls Herzliya-based VisionTech, HSBC Holdings pic, 
and Shamrock Holdings of California Inc. The four- year-old company, which 
also maintains offices in Los Angeles and Texas, focuses on early-stage 
technology companies that develop Internet infrastructure, enabling 
technologies, wireless and telecommunications solutions. Gregg Gardner 

RadVision repurchases 10% of shares 

RadVision, a Tel Aviv-based provider of technology for real-time voice 
and video over Internet protocol, said yesterday that it authorized the 
repurchase of up to 10% of its shares. The company currently has 19 million 
common shares outstanding. RadVision did not specify the sums allocated for 
the program, noting only that the acquisitions will be made "from time to 
time" at current market prices; no time limit has been set for the duration 
of the program. Gregg Gardner 

ECI's InnoWave wins $llm. Mexican telecom deal 

ECI Telecom Ltd. said yesterday that its wholly-owned subsidiary 
InnoWave ECI Wireless Systems Ltd. has won an $11 million contract from 
Telmex Mexico, a telecommunications company. According to the agreement, 
Petah Tikva-based InnoWave, via affiliate ECI Mexico, will provide its 
MultiGain Wireless Systems to Telmex in order to provide wireless 
telecommunications services in the country. The technology will enable 
Telmex to provide voice, data and Internet service programs to its 
subscribers. Gregg Gardner 

VCON inks $2m. deal with Bank of China 

VCON, a Herzliya-based provider of networked video over Internet 
protocol (IP) solutions has won a $2 million supply contract from the 
People's Bank of China (PBC), the Chinese central bank. According to the 
agreement, VCON will provide 143 videoconferencing systems to PBC, which 
operates in 11 of the country's provinces. The project, whose installation 
is slated for completion in the coming months, is aimed at improving 
China's e-banking capabilities and its communications systems. Gregg 
Gardner 

Helon Tec acquires software house for NIS 1.1m. 

Helon Tec, a Tel Aviv-based developer of human resource management 
software, said yesterday that it has acquired Bull Computers Ltd. for NIS 
1.1 million. Local software house Bull operates in the computerized salary 
field, handling some 15,000 payment slips per month, 70 percent of them 
from the hotel sector. Its clients include the Sheraton Plaza, Sheraton 
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Moriah, and Caesar hotel chain. Gregg Gardner 
Medirisk Solutions raises $lm. 

Tel Aviv-based Medirisk Solutions announced yesterday that it has 
completed $1 million in first-round financing, from investors in the 
insurance industry. The company valuation is $3 million. 

Medirisk Solutions was founded in 1999 by Dr. Moty Bahar to develop 
medical and life insurance underwriting software. The software standardizes 
decision making after assessing the risk profile of 
an individual applying for insurance. 

The company, which employs six people, has developed an ASP 
(application service provider) revenue model based on 

payment per questionnaire and already has customers. The current investment 
round was led by Ziv Capital Markets, which is affiliated with accounting 
firm of BDO-Shlomo Ziv Associates. Buzzy Gordon 
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If you're not afraid about the state of your company's security, you 
should be. Hackers are scanning ports en masse, coordinated attacks are 
gaining popularity, and, more and more, network users who appear to be 
valid may actually be impostors. The real problem is that's just the 
outside attacks. Experts say 60 percent to 70 percent of attacks come from 
inside the company. So, be aware-or be hacked. 

Large companies that spend big bucks on their own security staffs and 
outsourced expertise aren't always safe. Take last October's attack on 
Microsoft. Hackers used the well-known QAZ worm to break into Microsoft's 
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computer systems to steal product design information about the Windows 
operating system and the Microsoft Office suite . Western Union was also 
attacked last September. Hackers gained access to 15,700 customer accounts, 
including credit-card information. And, while high-profile 
denial-of -service attacks like the ones that took down eBay and CNN.com 
last February don't happen every day, most security experts agree that DoS 
attacks do occur daily. 

Although FBI investigations of these and other high-profile attacks 
make headline news, most DoS and other hacking incidents are not reported. 
That means the problem is far worse than it appears. Most companies don't 
report break-ins-part icularly internal hacks-because they don't want 
customers and shareholders to lose confidence . 

The reality is that attacks are on the rise. A Computer Security 
Institute/FBI survey released last year, says the number of respondents 
reporting their Internet connections as a frequent point of attack 
increased every year for five years, from 47 percent in 1996 to 59 percent 
in 2000. And Pilot Network Services, a secure service provider, reported in 
its latest Cyber Barometer online newsletter that the overall frequency of 
threats was steady during the past few months. But the number of different 
types of attack attempts increased by 15 percent in November 2000 alone. 

"We're seeing more NetBIOS attacks, scans and viruses," says Phil 
Simmonds, director of technical marketing at Pilot. "We're monitoring 
attacks and reporting the trends in Cyber Barometer, but the problem is you 
don't know what the trends will be. Past trends are not necessarily 
indicative of future trends." 

Pilot provides highly secure VPN and hosting services to a broad 
range of enterprise customers. Simmonds says one advantage Pilot has over 
most intrusion detection system (IDS) vendors is anonymity. Pilot's 
intrusion detection tools are proprietary and therefore can't be purchased 
and reviewed by a malicious source. Other service providers argue in favor 
of managed services over the purchase and use of tools in-house because 
they are selling security expertise that's otherwise difficult and 
expensive to obtain directly. 

Despite the growing popularity of outsourced services, vendors say 
they're selling more equipment than ever. Most agree that effective 
intrusion detection and enterprise security requires more than a firewall 
or IDS-companies need both, as well as virus detection and encryption. More 
important, businesses need to define security policies and implement them 
effectively. The problem is most IT professionals are not security experts. 
As a result, the quality of a company's security program may be limited by 
a lack of internal expertise. 

Vendors say some customers are buying security systems but are not 
necessarily maintaining them. They fail to download patches and known 
signatures, leaving themselves open to the latest attacks. Purchasing an 
IDS is only a first step. 

"We are seeing a massive increase in the automated scans for 
specific vulnerabilities, " says Tim Belcher, chief technology officer and 
co-founder of Riptech, a managed service provider. "A couple of months ago, 
it was compromising common Unix services. Distributed DoS attacks are still 
a real problem. Customers have to continually protect themselves." 

Most vendors agree that security needs to become more of a priority 
for customers. However, they don't necessarily agree how security should be 
implemented. Some advocate host IDSes that monitor traffic and logs, while 
others promote network IDSes that reside at the edge of the network. Pete 
Lindstrom, a security analyst at the Hurwitz Group, says the two security 
options are converging, and some vendors are beginning to offer more 
integrated products and services. Regardless of which architecture vendors 
pitch, effective security requires a multilayer defense. 

Which security systems companies ultimately implement depends on 
corporate security policies, network architectures, business models and the 
ability to effectively manage security. Nir Zuk, chief technology officer 
at OneSecure, another managed service provider, says IT managers often have 
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trouble administering IDSes because they generate a massive amount of log 
data that IT managers don't have time to analyze. To stay on top of 
breaches, IDSes let users set alarms, but often the intrusions are false 
positives. Instead of having their beepers go off every 10 minutes, IT 
managers are either relaxing their standards or ignoring the beeps. Zuk and 
some of the IDS vendors agree that the tools for managing alerts and raw 
data need to be streamlined. 

Then there's the problem of staying current. During one fiscal year, 
an IT manager or COO may request $300,000 for security expenditures and the 
following year request the same amount or more to keep up with the 
company's security needs. Sometimes management doesn't understand why 
security systems need to be repurchased and may deny or at least argue with 
the request . 

Navigating the security maze is also an issue. IT managers would 
like to get answers from the vendors, but they may not know which questions 
to ask. Hackers look to exploit these types of weaknesses and lack of 
knowledge in organizations. Maybe the front door is locked, but the back or 
side door is open. If so, most corporate networks are probably compromised 
in some way . 

"Intrusion detection is reactive," says Ryon Packer, executive 
director of marketing at Intrusion.com, an IDS vendor. "People buy tools 
after the attack, similar to the way they buy firewalls. Worse, there is a 
skills gap. The rate at which a per-son can become and stay knowledgeable 
about security systems and malicious methods pales in comparison to the 
rate at which the industry is growing. People have to stay current, and 
that ' s tough . " 

Vendors are also challenged to keep up. Avi Fogel, president and CEO 
of IDS vendor Network One, says hackers will always be more agile than 
vendors because hackers don't go through a quality assurance process. 

"The objective is to minimize vulnerability," Fogel says. "Ideally, 
you could find a more generic tool that prevents classes of intrusion like 
Trojan horses. A tool like that could have prevented the recent Microsoft 
break-in (in which an employee's machine was compromised).'' 

Network One offers a host-resident firewall and IDS that monitors 
layer 3, 4 and 7 traffic. Higher-level monitoring is important, given that 
many of the attacks happen at the application layer (layer 7), where 
malicious code is embedded in a popular desktop application. Network One is 
an advocate of intrusion detection at the edge of a network so that the 
host can see the attacks directed at it . 

Piers McMahon, senior business manager for the eTrust suite of 
security products at Computer Associates, agrees that different traffic 
types must be monitored. ETrust detects known attack patterns at the 
network, server and application layers. The product also provides streaming 
updates so that IT managers and security professionals don't have to 
manually update servers. 

"Hackers are trying to get under the social defenses," McMahon says. 
"Using Trojan horses, they're getting users to trustingly connect to a site 
that may be malicious or may deposit malicious code. They're avoiding the 
front door because they know you're watching it. Most companies have a 
false sense of security." 

Not everyone does. Kurt Ziegler, chairman and CEO of traffic 
analysis vendor eBSure, was so concerned about his com-pany ' s security, he 
included a security plan and budget in his initial business plan. Ziegler, 
who once headed security for Computer Associates, is familiar with the 
security risks software companies face. As a result, intrusion 
detection-and security in general-were top priorities from the start. 

Ziegler says when he started at eBSure he wanted a level of security 
the company couldn't afford. Some of the firewall vendors claimed to be 
doing intrusion detection, but Ziegler went with Riptech because it offers 
an intrusion detection and firewall system that supports VPNs. The VPN 
support was critical because eBSure ' s developers-many of whom work from 
home and are dispersed geographically-are constantly exchanging information 
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about the software, as well as pieces of the software code over the 

"As a software entrepreneur, I have to protect my assets, which are 
a base of programmers, the software they produce and our Web site, ' ' 
Ziegler says. "All three of those elements are affected by being connected 
to the network. We're inherently vulnerable." 

Ziegler interviewed numerous security vendors, including companies 
offering firewalls, intrusion detection, virus protection and encryption. 
Given his desire for a high level of security, he found that the price 
points of equipment, software and a professional staff were more than he 
could afford. 

"I had two choices," he says. "Make some trade-offs, or look for a 
managed service provider that could implement my (security) policies and 
provide me with a pay-as-you-go model." 

Ziegler spent 30 days analyzing the various solutions and finally 
decided to hire Riptech, a service provider that 
offers risk assessment, security policy, architecture 

review and monitoring services. Riptech supports 12 different intrusion 
detection products and cross-correlates the attacks made on the various 
systems. Ziegler says his company went live with Riptech in just 
a week and now feels much more comfortable about the network's security. 

"Hackers are getting a lot more sophisticated," Ziegler says. "They 
are able to tap on thousands of virtual doors simultaneously, looking for 
vulnerabilities. I'm in the intellectual asset business-software. That's 
why I worry about protecting it. For us, it's not an option, it's a 

Craig Guinasso, formerly assistant security director at BankServ, 
also considers security critical to the success of his company's business. 
Guinasso left his BankServ job last year to become a senior security 
manager at Slam Dunk Networks. Prior to his corporate jobs, Guinasso worked 
for the Department of Energy's Emergency Response Team. One of his 
responsibilities at the Energy Department was to test the vulnerability of 
its in-house VPN. 

"(If you're using a VPN), a hacker will use a tunnel to get into 
your corporate network," Guinasso says. "Most people don't care about 
security until there's a break-in. We knew from the start we had to secure 
(our VPN) connections because they were vulnerable." 

Security experts say security is only as robust as its weakest link. 
Guinasso says telecommuters are the weakest link because hackers know 
companies are guarding the core corporate network. BankServ uses the 
Network ICE tools suite to protect its home users. Although Guinasso is 
happy with the product, he admits that any security solution is only secure 
until a new hole is discovered. 

Given the creativity among hackers, vendors and service providers 
warn that intrusion detection must become a front-burner issue. Cyber 
attacks have separated businesses into two types: Companies that have been 
attacked and those that will be attacked. So be afraid... be very afraid, n 

Lisa Morgan is a contributing editor at InternetWeek . She can be 
reached at lisamorgan@mindspring.com. 

KEEP THE INTRUDERS OUT 

Use these tips as a guide for deciding on an intrusion detection 

Be honest. Admit that your company is vulnerable to attack. 
Assess the risk. Define the risks, then be sure top corporate 
management understands what's at stake. 

Have a plan. Define a set of security policies and then implement 

Educate your staff. Have the IT staff learn about security methods, 
trends and systems. 

Understand what needs to happen. It's important to understand how to 
implement IDSes and the resources they require. 
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Focus on intrusion detection. Include an IDS as part of your overall 
enterprise security strategy. The IDS should be in line with your network 
architecture and business model. 

Follow up with the systems vendors . Download the latest security and 
operating system patches often. 

Use outsourcers. Hire security consultants or outsource security if 
you don't have the internal expertise to handle the level of security you 

Stay involved. If you outsource security, keep close tabs on the 
outsourcer. Agree on how to administer a regular feedback loop. 

Keep informed of the latest trends. Stay alert-attack strategies are 
constantly changing. 
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Project management is the process by which a project is initiated, planned, 
executed, and controlled from a clearly specified scope to successfully 
meet project objectives. A project management team in a contract research 
organization (CRO) is compelled to adjust its approach according to the 
vast array of inquiries and work awarded from various companies within the 
industry. A project management team's contribution to risk management, 
joint ventures, and the one-stop-shop paradigm used by many pharmaceutical 
companies in their outsourcing approach are discussed. From a project 
management perspective, a CRO can add value to 5 areas when these 
distinctions are well understood: solid regulatory expertise, scientific 
expertise, risk management, joint ventures between small and/or large 
R&D groups, and outsourcing approach. 
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Planning for risk allows project managers to overcome hurdles and meet the 
project's objectives. 

Project management is the process by which a project is initiated, planned, 
executed, and controlled from a clearly specified scope to successfully 
meet project objectives. A project management team in a contract research 
organization (CRO) is compelled to adjust its approach according to the 
vast array of inquiries and work awarded from various companies within the 
industry . 

Part I of this article discussed a CRO ' s regulatory and scientific 
expertise (1) . Part II focuses on a project management team's contribution 
to risk management, joint ventures, and the one-stop-shop paradigm used by 
many pharmaceutical companies in their outsourcing approach. 

Risk management 

A large CRO ' s ability to anticipate pitfalls and to have multiple 
contingency plans at several levels (e.g., from financial stability to 
scheduled project deliverables) increases the likelihood of a successful 
partnership between a small research and development (R&D) company and 
a large CRO. Planning for risk allows project managers to anticipate 
hurdles and to develop effective and easy-to-implement plans to overcome 
the obstacles and meet the projects objectives. The perceived risks 
impinging on the relationship between a small firm and a large CRO can be 
categorized according to legal, financial, scientific, logistic, and 

Legal. The large CRO may insist on executing confidentiality agreements, 
master service agreements, and contracts before beginning any discussions 
or work. Although time consuming, the execution of such documents before 
any work is initiated ensures adequate coverage, responsibilities, and 
rights for both parties in the event of breach or fault by either party and 
helps CROs more effectively manage risk. Mutual indemnification often is 
disregarded because the ability to cover legal costs associated with 
potential claims is not always appreciated by small firms. Governing law 
also is a large and often overlooked factor among many small R&D 
organizations. Governing law can affect court decisions with considerable 
variability, especially when reciprocal indemnification clauses are omitted 
from legal instruments. Large corporations tend to have more experience 
with legal risks and are therefore more open to resolving contractual 
matters before work is initiated. 

Financial. The availability of funds is a major limiting factor for small 
R&D companies, which are forced to favor bids from the least expensive 
CRO. This choice sometimes works against the small R&D firm because the 
selected CRO may not offer the same depth of knowledge that a large CRO 
does. A low price typically means that a project manager may not be 
dedicated to the project. From the CRO ' s perspective, limited funding 
requires that a partial payment is made up front before work is begun, all 
billing milestones are met, and invoices are paid as work progresses. 

The fiscal limitations of a start-up companylt; also may require 

more creative financing plans, with payment terms that may include stock 

holdings to the servicelt; providerlt ; . CROs should 

evaluate stock participation as compensation for services within their 
overall risklt; assessmentlt ; as regulatory agencies 
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Scientific issues. A CRO ' s scientific expertise and experience are 
essential for anticipating the various scientific challenges that can delay 
project timelines. These challenges may include 

* technical difficulties intrinsic to the compound (e.g., developing the 
appropriate detection method without creating unrealistic price and 
timeline expectations) 

* the compound's biochemical nature and complexity (e.g, stability and 
storage ) 

* any special supplies needed to perform the work, which may include 
exclusive products that require several weeks for delivery. 

Clearly defining the scope of the work and the scientific expectations 
before beginning the work will minimize potential risks. Large CROs tend to 
have more qualified resources and backups available, both from the bench 
and from the project management team. 

Logistic issues. Communication models should be developed for each project. 
A distinction should be made between routine communication and crisis 
communication. A routine communication involves day-to-day updates of 
project milestones and change notices that may affect the critical path or 
parallel path within the project timeline. Crisis communication involves 
issues that must be resolved immediately because they definitely affect 
other milestones along the critical path. Making this distinction ensures 
that key decision makers or strategic managers are aware of and are 
involved in resolving an issue. Many large CROs service global clients, 
which requires specific procedures and backup plans with respect to sample 
or material shipment . 

Personnel. A strong and open relationship between a small R&D company 
and a large CRO, in which roles are clearly defined and expectations are 
clearly laid out at the onset of any specific project, will facilitate risk 
management. Issues such as differences in language and culture require that 
the CRO make special efforts to avoid assumptions or misunderstandings. 

Joint ventures 

On the basis of the authors' observations of small R&D and big pharma 
joint ventures, some of the greatest project management challenges arise 
when combining a familiar approach with a more creative plan. Both partners 
must be accommodated in order for a CRO to successfully become a part of 
that collaboration. Before bringing in a CRO as a third party, joint 
venture partners should build a strong, confident relationship with the 
other business partner. 

A CRO's understanding of the investment or level of participation that each 
party brings to the joint venture agreement will facilitate understanding 
of the decisionmaking and communication processes that should be respected. 
Knowing whether this agreement has been established to cover a specific 
project or a more general collaboration allows the service provider to 
define the scope of its business relationship with the joint venture 
partners. Recognizing the need for a CRO to be flexible in providing either 
broad master service agreements or project-specific agreements is a 

Although joint venture partners often present themselves as a single 
entity, less — structured agreements may require that the partners be 
managed by the CRO as two separate companies. Accordingly, service 
providers should understand the intricacies of the contractual agreements 
binding these companies. For example, various decision-making processes for 
technical matters and contractual issues may exist within a joint venture 
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agreement. The noncompetition covenants within the agreement may restrict 
the sharing of information between the technical decision makers and those 
handling commercial matters. 

The CRO ' s project management team may be privy to all matters and therefore 
is obligated to devise and maintain clearly defined communication models to 
preserve the confidentiality required by the joint venture agreement. The 
successful joint venture agreement will identify a restricted number of 
members - a maximum of five or six - who will be involved in making the 
decisions. The core team will have defined responsibilities for dayto-day 
issues, established communication models, and responsibilities for each 
milestone in the joint venture program. The CRO also must be mindful of the 
logistical aspects of the communication model by being flexible about its 
work schedule when managing the partners of a joint venture across 
different time zones. 

These mechanisms can facilitate timelines and help companies avoid cost 
overruns. A successful CRO association with a joint venture agreement 
depends on upfront resolution of the following: 

* Who should handle the CRO queries and updates on project status? 

* Who determines, and at which point, whether the other partner should be 
drawn into the discussion? 

* Who has final decision authority for approving changes in budget 
allocation, scope, or timelines? 

Project managers have more control of timelines and cost overruns when the 
structure of the joint venture agreement is fully understood ahead of time. 

The one-stop-shop paradigm 

Small R&D firms and large pharmaceutical companies may choose to 
outsource work for several reasons: to add resources, to access additional 
expertise, to increase organizational flexibility, to reduce development 
time, or to increase cost effectiveness. One trend in outsourcing strategy 
is the one-stop-shop approach in which a CRO is awarded a substantial 
portion or even an entire product development program. The authors' project 
management group has observed differences and commonalities in attitudes 
between big pharma and small R&D firms toward this approach. 

Request for proposals (RFPS). A distinction exists between big pharma and 
small firms in how they approach a CRO with an RFP before contracting work. 
Small firms often will request a price bid for global product development 
(or at least a substantial share) , whereas large innovator companies are 
likely to request different quotes for various pieces of the entire program 
from one CRO. Interestingly enough, after gathering all proposals, neither 
type of client is more likely than the other to award an entire program to 
one CRO. 

Outsourcing. A sponsor must decide early in the outsourcing process whether 
CROs are to be service providers or strategic partners. The choice then is 
whether to use one or several CROs. Many small R&D companies prefer the 
strategic partnership option. Placing the outsourced work at one CRO 
through a strategic partnership is seen by many small R&D companies to 
have the following benefits: 

Strong relationship between sponsor and CRO. A close, strong relationship 
between the CRO and the sponsor is seen as one of the most positive 
outcomes of the strategic partnership outsourcing approach. The sponsor is 
a key member of the project team, which is formed at the CRO and is 
included at every decision-making step. As a compound moves through 
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development and into the various areas at the CRO ' s facility, the project 
manager will remain on the project team and is the sponsor's 
representative . 

When working with large CROs, small R&D companies often are concerned 
about their projects being given lower priority status than those of large 
companies. Project managers are responsible for focusing on their clients. 
This level of focus is facilitated by a strategic partnership in which the 
project manager is more in tune with the internal priorities and 
expectations of the sponsor and ensures that appropriate priorities are 
maintained. In addition, dedicating one project manager to all of the work 
for that sponsor helps ensure consistency. 

Knowledge of the molecule or compound. As a compound moves through the 
development stages within the CRO-sponsor strategic partnership, the 
knowledge and expertise gained by the CRO in working with the compound is 
spread more easily among various departments. This expertise facilitates 
the transition. 

Risks associated with the one-stop-shop approach. The risks observed by 
both small R&D firms and large pharmaceutical companies in outsourcing 
all of the work to one CRO are akin to the risks associated with any lack 
of diversification in procurement. Like many businesses, many start-up 
R&D firms and established corporations will shy away from relying on 
any one supplier or service provider for the following reasons: 

* overall product development cost control 

* concerns about breadth of expertise among the various stages of product 
development 

* doubts surrounding the CRO's financial stability or longevity 

* trepidation about the CRO's depth of scientific and regulatory expertise 
with respect to employee turnover 

* desire for second (or possibly more) opinions regarding scientific and 
regulatory approach 

* concerns about the CRO's reputation among regulatory agencies with 
respect to compliance with good clinical practices, good laboratory 
practices, and good manufacturing practices over time. 

The ability of the the individual project manager and the team to be 
flexible is crucial to servicing all clients, whether they prefer to 
diversify their outsourcing or to contract all work to one CRO. 

Conclusion 

Before a CRO can begin a successful relationship with start-up enterprises 
such as fledgling innovator, biotechnology, and generics firms, the needs 
of these unique companies must be distinguished from those of their more 
established counterparts. From a project management perspective, a CRO can 
add value to five areas when these distinctions are well understood: solid 
regulatory expertise, scientific expertise, risk management, joint ventures 
between small and/or large R&D groups, and outsourcing approach. 
Project managers have come to appreciate the high standards placed on a 
CRO's performance by a dynamic industry and the consequences of performance 
on its various segments. This two-part article has focused on the 
organizations that make up some of the more exciting and yet often 
vulnerable sectors and some of the potential opportunities and challenges 
facing them and the project management teams they are working with. 
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ORLANDO, Fla., Oct. 31 /PRNewswire/ — 

AT&T (NYSE: T) has developed the technology, resources, expertise and 
relationships with industry-leading companies to become a major force in 
the High Availability Networking Solutions industry, the company announced 
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at the Storage Networking World Conference here today. 

"Customers have entrusted management of their networks to us," said 
Rudy Alexander, vice president and managing partner at AT&T Solutions, 
the company's networking professional services subsidiary. "Now they are 
looking to us for help in developing and managing long-term, custom 
network-based storage solutions, and we are perfectly positioned to do so. 

"The foundation we are building this new business on is our global 
network; hundreds of conditioned network nodes around the world; the 
AT&T Solutions Global Enterprise Management System (GEMS) , our world 
class networking-management and monitoring platform; and seven advanced 
networking-management centers worldwide. 

"Hundreds of professional services experts are dedicated to this 
business, skilled in complex, integrated high-availability Storage Area 
Networking (SAN), storage, computing and networking implementations and 
with proven expertise in rapidly scaling services to meet high-growth 
demands," Alexander said. 

AT&T Solutions has announced strategic alliances with EMC Corp. 
for AT&T Ultravailable (SM) Data and with Hewlett-Packard Company for 
AT&T Ultravailable (SM) Computing for HP Platforms. Following an open 
network systems approach, the company is teaming with the leading hardware 
and software vendors across the industry. 

AT&T is a member of HP's 5nines : 5minutes program, which is 
focused on delivering the highest availability for customers doing business 
in the Internet economy. AT&T is supplying global networking and 
integration components for the program. 

"We were an early adopter of high-availability storage networking 
ourselves, and we deployed SANs for our own internal network management and 
monitoring, enterprise applications and storage consolidation 
programs," Alexander said. 

Users of AT&T's high availability solutions include financial 
services companies, Internet Service Providers, 

manufacturers and the lodging industry. AT&T Solutions is providing 

high availability network storage risk assessments, 

risk assessments of networks, IP backbones and 

customer care operations, security assessments, design and 

engineering professional services and more. 

Benefits to clients include access to the most sophisticated 
end-to-end networking management and monitoring capabilities, custom 
service level agreements and overall best in class quality, availability 
and reliability. To support its professional services, AT&T leverages 
its buying power for equipment provisioning for customers. Because the 
company is constantly updating its technology platforms, clients can 
benefit from regular technology updates and from not having to take on new 
technology risk alone, he said. 

The company has made significant investments in enhancements to its 
GEMS platform for monitoring and managing high availability solutions. 
AT&T monitors and manages clients' networking, storage, SAN, server, 
application and e-business solutions from its networking management center 
in Alpharetta, Ga . 

AT&T Solutions is a member of the Storage Networking Industry 
Association and holds patents in high availability and business continuity 
technologies . 

The company's commitment to leadership in high availability 
networking solutions agreement is another example of AT&T executing its 
strategy to be the broadband network of choice for companies of all sizes 
as it helps them manage, transform and innovate in their businesses. 

About AT&T 

AT&T Corp. (http://www.att.com) is among the world's premier 
voice, video and data communications companies. With annual revenues of 
more than $62 billion and 160,000 employees, AT&T provides services to 
customers worldwide. 

Backed by the research and development capabilities of AT&T 
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Labs, the company runs the world's largest, most sophisticated 
communications network and has one of the largest digital wireless networks 
in North America. 

The company is a leading supplier of data and Internet services for 
businesses and offers outsourcing, consulting and networking-integration to 
large businesses. Through its recent cable acquisitions, AT&T delivers 
broadband video, voice and data services to customers throughout the United 
States. Internationally, Concert, the AT&T/BT Global Venture, serves 
the communications needs of multinational companies and international 
carriers worldwide. 

Logo : http: //www . att . com/identity/library/ 
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NEW YORK, Oct . 5 /PRNewswire/ — 

A new poll of 300 service providers and 356 enterprise/ IT Web 
professionals indicates that there is tremendous room for growth in the 
application service provider (ASP) arena. This landmark ASP Study, 
produced by tele.com, whose in-depth, forward-thinking analysis provides 
service provider executives with the intelligent context needed to compete 
successfully, and NetWorld+Interop 2000 Atlanta, aimed at analyzing both 
the supply and demand sides of emerging application services. It surveyed 
service providers and enterprise managers — the buyers and the sellers -- 
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on similar topics. Top line findings include: 

— 75 percent of current ASP users claim ROI within one year 

— The most important hosted application service elements required 

by 

customers are 24 x 7 technical support (77 percent now/58 percent in 
the next twelve months); service-level agreements (74 percent now/79 
percent in the next twelve months) are rated the most important 

hosted 

application service elements to customers 

— Reliability (77 percent), customer service (71 percent) and 
expertise 

in needed applications are the most important criteria organizations 
used when selecting an ASP vendor 

— Lack of control over data (71 percent) and security concerns 
(63 percent) are the most important factors limiting use of ASPs 

— Locating or retaining qualified technology expertise (65 percent) 

the most common operational challenge for organizations delivering 
application services 

— Security (62 percent) and speed & performance (57 percent) 

common infrastructure challenges in organizations delivering 
application services 

The survey shows that early ASP adopters have dipped into outsourced 
services one at a time and are now more clearly defining the services they 
want to adopt. The most common uses now, as well as those predicted in the 
next twelve months, are Web site and e-mail services. Another interesting 
finding shows that while small to mid-sized companies (under 100 employees) 
were the first to adopt the ASP model, the next group to use application 
services will be large organizations of 1,000 employees. 

"While this survey shows that ASPs seem to understand the needs of 
current buyers in this early phase, it also shows a lack of understanding 
for what prospective buyers want and need. Many of these non-users have 
not been approached by ASPs and do not understand the benefits of using an 
ASP," explained Jerry Caron, tele.com associate publisher. "To fully 
exploit this $25 billion industry by 2004 (Dataquest), it is critical that 
service providers gauge the needs of future customers and that they clearly 
communicate the business value of using hosted applications." 

The Enterprise Perspective 

Companies are using applications primarily for Web sites and e-mail 
messaging. Almost 80 percent of these current application users claim to 
recover their costs in the first year, while non-users are more skeptical 
of returns and risk-averse to purchasing hosted applications. 
Company culture (51 percent of enterprise companies 

say they don't even outsource), control, and security are the biggest 
factors determining non-use. Seventy six percent of non- and 
future-users deem risk management insurance critical to their 
purchase of these applications. 

The Service Provider Perspective 

Service providers are faced with both 
challenge and opportunity in closing this perception chasm between users 
and non-users. And there is much opportunity, because over 50 percent of 
enterprise end-users have not even been approached to buy hosted 
applications. According to the results, ASPs expect to drive deeper into 
the enterprise hierarchy in the next 12 months. If they are going to change 
non-user perceptions, ASPs will need to focus on the security of hosted 
applications and communicate boldly on their benefits. 

Some Conclusions 

Service providers need to "cross the chasm" between early-adopter 
current users and new customers. If they are to succeed, they will have to 
concentrate on building out infrastructure, as well as hiring and 
maintaining the technical expertise to keep their applications running 
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around the clock. The survey shows that service providers are in fact 
getting ready for this opportunity, but in an environment of scaled back 
funding and consolidation, the competition is bound to be fierce. 
About the Survey 

The survey methodology for this study was telephone interviews from 
a random sample of over 600 tele.com magazine subscribers and 
NetWorld+Interop attendees. If you are interested in more information 
about this landmark study, please contact ndonegan@cmp.com. 

About tele.com 

tele.com provides executive-level service providers with the 
intelligent context they need to compete successfully in today's rapidly 
evolving communications industry. Through its in-depth, forward-thinking 
analysis of communications trends, technologies, and issues from a global 
perspective, tele.com empowers senior management to make smart, strategic 
decisions. The magazine's circulation spans more than 79,500 managers at 
all types of network services providers and operators worldwide. The 
tele.com Web site is http://www.teledotcom.com. 

About CMP 

CMP Media Inc., recently acquired by United News & Media pic 
(Nasdaq: UNEWY) , is the leading high-tech media company providing essential 
information and marketing services to the entire technology spectrum-the 
builders, sellers, and users of technology worldwide. With its portfolio 
of newspapers, magazines, custom publishing, Internet products, research, 
consulting, and conferences, CMP is uniquely positioned to offer marketers 
comprehensive, integrated solutions tailored to meet their individual 
needs. Online editions of the company's print publications, along with 
products and services created exclusively for the Internet, can be found on 
CMPnet at http://www.CMPnet.com. 

About NetWorld+Interop 

NetWorld+Interop is a Key3Media Event. Key3Media Events, Inc., a 
wholly owned subsidiary of Key3Media Group, Inc., is the world's leading 
producer of information technology tradeshows and conferences, serving more 
than 6,000 exhibiting companies and two million attendees through 60 events 
in 18 countries. Key3Media Events' products range from the IT industry's 
largest exhibitions such as COMDEX and NetWorld+Interop to highly focused 
events featuring renowned educational programs, custom seminars and 
specialized vendor marketing programs. For more information about 
Key3Media Events, visit http://www.key3media.com. 

Key3Media, NetWorld+Interop, Interop, COMDEX and associated design 
marks and logos are trademarks owned or used under license by Key3Media 
Events, Inc., and may be registered in the United States and other 
countries. NetWorld is a service mark of Novell, Inc., and is registered in 
certain jurisdictions. Other names mentioned may be trademarks of their 
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Hiverworld' s Swarm (TM) and Ansible (TM) Selected by XUMA as 
Best-of-Breed 

Solution for Vulnerability Assessment and Management 
BERKELEY, Calif., Sept. 26 /PRNewswire/ — 
Hiverworld (TM) , an emerging leader in network risk 
management technologies, today announced XUMA as a new customer. 
Hiverworld' s products Swarm (TM) and Ansible (TM) offer service 
providers and enterprises an innovative approach to network 
security assessment. Swarm continuously profiles network 
vulnerabilities, including the detection and evaluation of a 
company's security risk level, as well as identifying 

and classifying specific vulnerabilities. Ansible (TM) collects raw data 
from Swarm appliances and stores the information in a centralized 
intelligent database for reporting and comparative evaluations over time. 

"We recognize Hiverworld as key technology for making the Web 
systems we build and host as secure as possible," said Jamie Lerner, CTO, 
Chairman and co-founder of XUMA. "The ability to discover the 
vulnerabilities in our customers' systems is an invaluable added service, 
as it provides customers with a key element in maintaining a secure 
network. With XUMA's 24x7 monitoring enhanced by Swarm and Ansible, we 
are taking our customers' security to a much higher level. Once an alert 
is generated by Swarm and Ansible, our expert security staff will respond 
and make recommendations to our customers for modifying their systems to 
eliminate critical vulnerabilities." 

Swarm has a 97% accuracy in identifying vulnerabilities through the 
use of intelligent vulnerability scoring and ongoing vulnerability database 
updates. The methodology used by Swarm ensures that the continuous 
interrogation of network devices has no impact on normal operation and 
performance, making the process seamless to users. Ansible incorporates a 
centralized, failsafe datastore for easy access to Swarm vulnerability data 
through secure communication. Users can view reports through a standard 
browser and can export the data to HTML or PDF file formats for additional 
analysis and viewing. 

"We are excited that XUMA is extending our security solutions to its 
customers," said David C. Cruickshank, Chief Executive Officer and 
President of Hiverworld. "In today's high risk environments, e-business 
providers need the kind of sophisticated vulnerability assessment that 
Swarm and Ansible afford. The primary characteristic of today's networks is 
their ever-changing nature. Our security solution is equally dynamic, and 
that will give XUMA's customers the kind of network risk management control 
necessary to keep their businesses secure." 

About Hiverworld, Inc. 

Founded in 1998, Hiverworld Inc. is a privately held company 
headquartered in Berkeley, CA . Hiverworld' s team of security experts has 
developed patent-pending security technologies to build a new class of 
network -based, intelligent risk management solutions. Managed Service 
Providers and e-businesses use the company's products and services as key 
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building blocks in their security infrastructure. Hiverworld is a founding 
member of the Common Vulnerability Enumeration Project. For more 
information, visit www.hiverworld.com. 

NOTE: All company and/or product names used herein may be 
trademarks of their respective owners. 
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Six-City Seminar Series Details E-Business Security Threats and 
Solutions and 

Provides a Confidential Security Risk Assessment to 
Each Participating Executive 
ALAMEDA, Calif., Aug. 23 /PRNewswire/ — 
Pilot Network Services, Inc. (R) (Nasdag: PILT), the first provider 

six-city seminar series that details e-business security risks and 
solutions for Australian business leaders. Presented in conjunction with 
PRIMUS Telecommunications Group, Incorporated (Nasdag: PRTL) , Australia's 
fourth largest carrier and second largest Internet service provider, the 
seminars also provide each participating executive with a confidential 
e-business security risk assessment to identify potential areas of 
vulnerability to viruses and data tampering. 

Australia and around the world — security has shifted from a technology 
issue to a mission-critical business imperative. Whether a company is 
selling products and services online, or is using the Web to communicate 
with partners and suppliers, it is exposed to the dangers of cybercrime. 
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With this seminar series, Pilot and PRIMUS will share e-business security 
expertise with Australian business executives to help identify risks and 
solutions before problems arise, " said Marketta Silvera, chairman and chief 
executive officer of Pilot. 

Partnering to Protect E-Business: 

Pilot and PRIMUS Telecommunications Group 

In January, Pilot and PRIMUS announced a partnership by which Pilot 
configures PRIMUS Centers around the world with its patent-pending 
Heuristic Defense Infrastructure (TM) (HDI (TM) ) to provide secure 
e-business. On August 11, PRIMUS launched the first of these centers — 
its new, state-of-the-art data center in Melbourne, Australia. This center 
is the first in the Pacific Rim region to offer Pilot Protected (TM) 
e-business services, including secure Web hosting, Internet access, and 
extranet services to enable businesses to securely extend their enterprise 
to business partners, customers, and suppliers worldwide. 

Seminar Dates 

The Pilot-PRIMUS E-Business Security seminars took place in Sydney 
on August 18; Melbourne on August 21 and 22; and Adelaide on August 2 3 and 
are scheduled for Perth on August 24; Brisbane on August 25; and Canberra 
on August 29. Executives from Australian companies with e-business 
initiatives are invited to attend. The confidential security 
risk assessment is free to all seminar participants. 

About PRIMUS Telecommunications Group 

PRIMUS Telecommunications Group, Incorporated is a global 
facilities-based Total Service Provider offering 

bundled data, Internet, digital subscriber line (DSL) , e-commerce, web 
hosting, enhanced application, virtual private network (VPN) , voice and 
other value-added services. The Company owns and operates an 
extensive global network of owned and leased transmission facilities, 
including over 300 IP points-of-presence (POPs) and Internet peering 
relationships throughout the world, ownership interests in over 23 undersea 
fiber optic cable systems, 19 international gateway and domestic switches, 
a satellite earth station and a variety of operation relationships that 
allow the company to deliver traffic worldwide. PRIMUS has been expanding 
its e-commerce and Internet capabilities with the deployment of a global 
state-of-the-art broadband fiber optic ATM+IP network. Founded in 1994 and 
based in McLean, VA, the Company serves corporate, small and medium sized 
business, residential and data, ISP and telecommunication carrier customers 
primarily located in the North America, Europe and Asia-Pacific regions of 
the world. News and information are available at the Company's Web site at 
www . PRIMUStel . com . 

About Pilot Network Services, Inc. 

Pilot Network Services, Inc. is the first provider of highly secure, 
subscription-based e-business services. As the Security Utility (TM) 
pioneer, Pilot enables secure e-business for companies of all sizes in 
every industry by providing a wide range of services with built-in security 
to protect enterprise networks. Pilot protected e-business services 
include secure hosting, Internet access and gateways, and extranet/VPN 
services. Customers can choose options including encryption, 
authentication, access control, virus scanning, and web filtering. Pilot 
provides the highest level of protection available today by connecting 
businesses to the Internet through Pilot Security Centers. Protection from 
hackers, viruses, and other threats is built into the Pilot network with an 
advanced, distributed security architecture called the Pilot Heuristic 
Defense Infrastructure (TM) (HDI (TM) ) . The Pilot HDI combines the most 
advanced technology with 24 x 7 monitoring by security engineers to 
continually evolve and proactively defend Pilot clients' e-business 
interactions against attack. Pilot can be reached at 888-40-PILOT or 
online at www.pilot.net and info@pilot.net. 

NOTE: Pilot, Pilot Network Services, Inc., the Pilot logo and Pilot 
Corporate Partner Privacy are the registered trademarks of Pilot Network 
Services, Inc. and are registered with the U.S. Patent and Trademark 
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Office, and the Pilot Heuristic Defense Infrastructure, Pilot Protected, 
and HDI are trademarks of Pilot Network Services, Inc. 

Except for the historical information contained herein, the matters 
discussed in this news release are forward-looking statements that involve 
certain risks and uncertainties that could cause actual results to differ 
materially, including potential fluctuations in results of operations, the 
new market for Internet security monitoring, detection and defense 
services, impact of competitive products and services, and risk factors 
listed in Pilot's registration statement on Form S-l dated August 10, 1998. 
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COR AG, a German software and service provider, has 

acquired Infexpert Holding AG, a Swiss-based company which 
supplies standard software for the assessment of health 
risks for the insurance sector. The purchase price has not been 
published . 

Infexpert is said to have a 50 per cent share of the German medical 
insurance market. Cor AG, which serves the financial sector, showed 
turnover of DM2 1 . 9m in 1999. 

Abstracted from Frankfurter Allgemeine Zeitung in German FT McCarthy - 
Copyright 2000 Financial Times Information. Source: World Reporter (Trade 
Mark) . 
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SYSTEMS security is a jigsaw - no single service or piece of technology can 
ward off every potential threat. 

Professional services company Sytec set up a national team of experts 
several years ago to piece together the skills and technical expertise to 
deliver tailored security solutions. 

The SytecSecure team consists of more than a dozen specialists, who also 
have access to Sytec 's 50 engineers around New Zealand. 

Business development manager Erin Harte says security issues are a 
worry for many New Zealand organisations in the online era. 

"We see situations where major problems have occurred, due to a less 
than strategic approach to security. Often organisations have some of the 
security pieces in place, but there are gaps in the whole picture." 

"The gaps aren't discovered until there is a problem." 

Organisations that have installed firewalls assume they have addressed 
their security risks, but do not realise that many security breaches occur 
from within. 

Management of traffic in and out of organisations is not always well 
monitored, and little attention is paid to security issues surrounding 
third party network connections. 

"Often we are called in to undertake a security audit after an issue 
has arisen," Mr Harte says. 

"Typically there are huge variations between the security 
organisations think they have in place, and what is actually there." 

Security breaches are alarming even if they do not have expensive or 
business-threatening effects. 

He says security scares are a catalyst for organisations to pay more 
attention to internal and external threats. 

"We witness far too much security work that is poorly conceived and of 
very little depth." 

The SytecSecure team can recommend security building blocks and help 
organisations to prepare a clear security strategy. SytecSecure also 
assists with the design and construction of security solutions. In some 
cases, Sytec provides an outsourced security management service for 
customers who don't have the in-house skills to monitor their own network 

Sytec 's security management service monitors activity on customers' 
networks . 

"We look at traffic to and from the Internet, from third party service 
providers, and even internally within customers' own networks," Mr Harte 
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The service also manages and maintains security policies on behalf of 
client organisations, and the hardware and software used to enforce these 
policies. 

He says SytecSecure ' s analysis, design and build team is always in 
demand. 

"The large scale adoption of Internet connection and e-commerce by 
government and corporate organisations has led to a whole raft of new 
challenges in providing security audit, design, implementation and 
management . " 

SytecSecure works internationally, most recently completing a project 
to design and build next-generation Internet Service 
Provider networks in Asia. 

Consulting services offered by the SytecSecure team include 
risk assessment, auditing, creation of security 

frameworks, security engineering, security penetration testing, deployment, 
and research and development. It also does systems management tasks, 
maintenance, enterprise services, and systems administration. 

Customers include government, energy sector, health and banking 
organisations . 

Details about Sytec and its security services and solutions is located 

at: 

Copyright 1999 Independent Newspapers Limited. Source: World Reporter 
(Trade Mark) . 
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Text: 



San Diego-based HNC Software Inc. (HNCS), an applications service 
provider (ASP) of e-commerce value-added services, March 28 announced it 
has launched its European operations with the immediate availability of 
eFalcon, an Internet fraud management service, and its first European 
client for the eFalcon service, U.K. -based DataCash, a payment gateway 
company. eFalcon, an Internet bank card fraud detection and 
management service for online merchants and service 
providers, will enable DataCash to help merchants 
assess the risk of a purchase for fraud on any type 

of bank card, including credit, debit and private-label card transactions. 
This system, based on neural network technology, will enable DataCash to 
provide its merchant customers a means to accurately predict and manage 
fraudulent transaction purchase behavior. This affords consumer protection 
and helps companies maximize revenue in the Internet commerce environment . 
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(HNC Software Inc., Jane Leonard, 8 58/799-3880; DataCash Ltd, Shallu 
Behar-Gill, + 44 (0) 207 632 0400.) 
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Abstract: 

The Internet and e-business are, in a general sense, the primary drivers 
for much of the technology investment that is taking place now. But the 
really smart companies are pursuing some specific categories and 
opportunities. Some of the e-business spaces - networking, 

telecommunications, infrastructure, software, and services that enable the 
Internet era - are the ones that matter, so the Yankee Group and Upside 
have ranked them to see which companies are the leaders in these key areas. 
Areas ranked are: 1. platforms and tools, 2. applications and commerce, 3. 
services, 4. next-generation networks, and 5. wireless. 

9 

Text: 

The Internet and e — business are, in a general sense, the primary drivers 
for much of the technology investment that's taking place now. But the 
really smart companies are pursuing some specific categories and 
opportunities. Some of the e — business spaces -- networking, 

Internet era — are the ones that matter, so the Yankee Group and UPSIDE 
have ranked them to see which companies are the leaders in these key areas, 
and which ones are just blocking traffic on the information superhighway. 
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Just what are these key e-business areas? 



Customer loyalty. The market for enterprise resource planning (ERP) systems 
took a precipitous fall to near — zero growth in 1999, yet the market for 
customer relationship management (CRM) systems is expanding at a 40 — plus 
percent pace. Why? Because companies are recognizing that the focus has 
shifted away from being efficient and toward being effective. The coming 
decade will be about control of the customer, and the companies that 
succeed are those that rapidly shift their investments in technology from 
internally focused process efficiency to an external customer orientation. 

Pervasive content. Yes, commerce is a killer Internet app, but we think 
that an even bigger (yet less talked about) app is content. This belief 
isn't simply based on the fact that both the Yankee Group and UPSIDE are in 
the content business: It's because, while there is certainly a market to 
buy and sell on the Web, most people are really using the medim to get 
information. Content. As content emerges as a critical app, the arms 
merchants providing content-management systems-from Akamai to 
Vignette — will keep experiencing truly stratospheric growth. 

E-sourcing. Obviously, the need for companies to move themselves into 
e-business is a major driver, but it's also making corporations take a 
long, hard look at whether they should attempt that transition themselves. 
Most of the smart ones are answering, "No." For most, the shift to 
e-business means that many of the skill sets they have worked so long to 
cultivate not only are no longer valuable, but can in fact be a huge 
hindrance. Companies aren't retraining internal staff with last — 
generation skills: Doing so simply takes too long and costs too much. 
Rather, a class of companies we call "e-sourcers" — Internet systems 
integrators and systems innovators, application service providers (ASPs), 
"Netsourcers, " and other service providers-will help companies get to 
market more rapidly and successfully. 

Wireless Internet. The Web is going wireless-and that means huge risks for 
some existing wireless players that are optimized for a voice-driven world. 
But it also creates tremendous opportunities for the technology to provide 
anytime-anyplace access. Perhaps the most significant developments in the 
mobile-communications world are centered around the convergence of wireless 
and the Internet. For years, we at Yankee Group have been saying that "this 
is the year of wireless data," but in 2000 the pieces finally seem to be 
falling into place. 

Even while technology startups keep emerging and converging to take 
advantage of these trends, these companies cannot all win. You could say 
that for every winner there will be a loser; but on the Internet there 
won't be just one loser-there will eventually be hundreds. So what will 
differentiate the winners from the losers? One of the real keys to success 
is whether a company can sniff out marketplace trends, take advantage of 
them and then execute . 

Under any set of circumstances, despite today's ebullient venture-capital 
and IPO markets, we believe that amateur hour is rapidly coming to an end. 
All of these markets that didn't exist a year or two ago and that now have 
10 or 15 young, immature companies in them will be shaken out-and soon. 
When that happens, the new markets will find themselves with one or two 
true success stories, three to five other participants possibly absorbed 
into bigger firms, and perhaps five to 10 flameouts. 

PLATFORMS AND TOOLS 

As the merchants of 1849 discovered, the real money in the California gold 
rush wasn't in panning for gold, but in selling picks and shovels to the 
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miners. In today's Internet gold rush, those companies providing the 
foundation infrastructure are poised to gain a disproportionate benefit 
from the e-business revolution. 

Who really cares whether Merrill Lynch beats E-Trade, or vice versa? The 
action is in providing the billions of dollars' worth of technology that 
they will invest in the process. 

The drive to e-business is already paying off big for the infrastructure 
providers-f rom those that offer baseline software and hardware platforms 
(including IBM, Sun Microsystems, and Microsoft) to those providing 
higher-level application frameworks for functions like personalization, 
e-commerce, and content management (such as Vignette, Art Technology Group, 
and Interwoven) . 

While the infrastructure players thrive, the applications segment of the 
software industry is undergoing a sea change as application service 
providers (ASPs) have captured the hearts and minds-if not yet the 
pocketbooks-of corporations. The early conventional wisdom held that ASPs 
would be the perfect system for the middle market, but so far the customers 
aren't buying. Simply putting an enterprise resource planning (ERP) system 
in a boy, hosting it in a data center, and then renting or leasing access 
to companies has proven ineffective. Also, it has created tremendous price 
erosion among ASPs: We have seen price differences from $80 to $400 per 
user per month for comparable applications. The dust may not settle for a 

Ultimately, the real growth in the applications business will be little 
affected by whether the ASP model takes off. Although we are still 
cautiously optimistic about the appeal of renting versus buying software, a 
simple change in the delivery model does not fundamentally alter either the 
economics of the industry or the value proposition from the customer's 
perspective. In the end, the independent software vendors (ISVs) for 
applications may, as Oracle Chairman Larry Ellison recently stated, become 
the largest ASPS of all. 

So who wins? It may not be so much the ASPs as a new class of companies we 
call "Netsourcers"-those that provide the outsourced infrastructure on 
which the applications are run. Netsourcers are hosting providers on 
steroids; they provide core competency in infrastructure rather than in 
applications. Thus, they are poised to win as long as the appeal of having 
someone else manage companies' infrastructures continues to gain appeal. 
With EBay ' s and other companies' high-profile crashes not only gaining 
headlines but also costing market capitalization, we are very bullish on 
the Netsourcing phenomenon. 

Contributors Colin Mahony, Steve Robins, Paul Scarpa, and Chris Selland 

Microsoft ****We said it last year: Bill Gates should break up his company 
before U.S. District Court Judge Thomas Penfield Jackson does it for him. 
After all, the federal government has in the past won 84 percent of such 
cases, and it certainly doesn't appear willing to cede this one. In the 
meantime, however, Microsoft continues to roll: Windows 2000 is finally 
shipping, and competition from upstarts like those offering Linux and 
established players like Sun Microsystems stay even, at best. Still, 
Microsoft is simply too huge and unwieldy, and a breakup of the company 
makes a great deal of sense. Its management is more than smart enough to 
realize that-so expect this move as part of a settlement later this year. 

Sun Microsystems **** Although Sun now effectively controls Netscape 
Communications' enterprise products, it's becoming obvious that the 
Sun/Netscape alliance was little more than a tax dodge for America Online 
and a way for Sun to get its hands on Netscape's enterprise assets without 
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buying them outright. While this alliance, along with acquisitions such as 
Forte Software and NetDynamics, bring Sun a wealth of assets, the problem 
is that managing this mess has become all but impossible. It's hard to say 
which move Sun CEO Scott McNealy will regret more next year — inviting the 
Department of Justice into the technology tent, or meeting AOL head Steve 
"The Technology Business Will Ultimately Be Decided in the Political Arena" 
Case? Maybe they're effectively the same thing. Also, let's not forget that 
the Linux operating system represents a much bigger threat to Sun's Solaris 
OS than it does to Windows. While 1999 was a good year, this year might be 
just a tad tougher. 

Novell ** If Eric Schmidt is such a genius, why have all of Novell's 
marketing people quit? Maybe the CEO figured out he didn't need them-or 
perhaps the company's "comeback" may have been called a bit too early. By 
the way, has anybody bought a copy of NetWare lately? (We didn't think so.) 
While Novell's new offerings, including NDS and Digitalme, hold promise, 
customer adoption still lags. We wouldn't be surprised to see these 
products acquired if the dogs don't start eating the dog food — and soon. 

IBM **** Lou Gerstner may run IBM's broad portfolio of technology assets 
more like a mutual fund than a technology giant, but the company has made 
the tough decisions and is almost fully focused on the infrastructure 
market. Although distractions-such as forming CorePoint Technologies to get 
a toehold into the customer relationship management (CRM) market and trying 
to compete with Cisco Systems in networking-have faded, growth (outside of 
the services sector) remains problematic. Meanwhile, Jeff "Top Gun" 
Papows's eviction as the head of the weakening Lotus Development definately 
showed; the division's autonomy, while a noble experiment, was simply not 
working anymore . 

Hewlett-Packard *** "Venerable" and "HP" go hand in hand. So did "stodgy," 
"asleep at the switch" and "Internet? What Internet?" In 1999, the company 
got a good dose of religion — and made a rapid-fire array of HP-style deep 
(read: real) Internet software partnerships with the likes of BEA Systems, 
BroadVision, Viador and Yahoo. An open question: Are partnerships the right 
direction, or should HP get more aggressive about acquisition? The Carly 
Fiorina era is off to an adequate start, but much remains to be done to 
tighten the company's strategy and execute it. 

Compaq Computer ** Yes, it's easy to second-guess, but Eckhard Pfeiffer 
drove this company almost all the way into the ground with ill-advised and 
poorly executed acquisitions-particularly of Digital Equipment. 
Restructuring, management turnover and reorganization have drawn focus away 
from innovation and growth. However, Michael Capellas was a brave choice 
for the new CEO, and he is itching for an opportunity to prove the doubters 
wrong. Compaq's powerful brand — although somewhat tarnished-still shines, 
and there is a window of opportunity to rebuild. 

Computer Associates International *** CA has never been an innovator, but 
it is always present with a very complete lineup of proven (if 
long-in-the — tooth) products. Its push into e-business is a good sign that 
the market is maturing — but also that CA will begin making life much 
tougher for some of the incumbents. Expect a move for either Sybase, 
Informix or both this year. That would apply some real pressure to Oracle. 

SilverStream Software *** SilverStream has always understood the need for 
simplicity when it comes to developing, deploying and managing Internet 
applications. Its integrated system for Web application development has 
been well received in the market, particularly among ISVs and developers. 
That said, there are also many who simply want an application server for 
deployment without all the development bells and whistles. This is 
something that SilverStream claims to have addressed in its newest release. 
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The company has a seasoned management team with great experience in the 
database world, which will be important as those vendors continue to 
encroach on the application server market . 

BEA Systems * * * BENs acquisition of WebLogic was one of the shrewdest 
software acquisitions of 1998. WebLogic ' s Web application server remains 
the leading enterprise Java bean server in the market, and it is a good 
vehicle from which BEA can sell its traditional middleware. BEA needed a 
story, and WebLogic is it. Let's face it: Connecting distributed 
applications and data is on the mind of every chief information officer, 
and BEA stands poised to offer the tools for the job. Its strong 
relationship with HewlettPackard (which really should have just bought the 
company) should help here as well. Although BEA may find some of its 
cash-cow middleware products being heavily discounted by large, aggressive 
competitors such as IBM, we believe that its top-notch management team is 
up to the challenge. 

Persistence Software *** Persistence is a pure-play transactional 
application server vendor with object-relational mapping, caching and 
replication technologies that separate it from the pack- We believe that 
the company's E-commerce Appliance Initiative should be well received in a 
market that values one-stop shopping. Its alliances with Internet VARs and 
a few large OEM deals, like the one it struck with Intershop, should give 
Persistence a significant boost in market share. The key will be its 
ability to break early into startups and smaller accounts with its low-end 
offering while also selling the one-stop system — a strategy we expect to 
work well. The good news is that companies are waking up to the importance 
of persistent object caching as customers constantly demand more data more 
quickly. Missing its results in the first quarter after its IPO didn't help 
its cause with investors, but Persistence has a great vision and product 
lineup . 

Sybase ** The big news of 1999 for Sybase was, well, that there still was a 
Sybase. After Oracle just about leveled the smaller database and 
application tool company in 1998, Sybase came back in '99 with a tightened 
focus and a strategy centered around portals. All right, our .turnaround of 
the year" call in '98 was premature, but it has happened. Portals leverage 
Sybase's database strengths, but in such a competitive market the company 
needs to expand on its resurgent momentum to make sure the turnaround 
sticks. 

Informix ** Like Sybase, Informix also has a focused new message, although 
in this case it's on commerce systems. Chief financial officer Bob 
Finocchio did a tremendous job of turning this mess around, but his 
departure from operating duties could have been better-timed (for the 
company, at least) . Nonetheless, the turnaround seems to be on track, as 
financials are looking up. But also like Sybase, Informix focuses on a 
very, very competitive market, and this could well be its last chance so 
the company had better get it right . 

Allaire *** Get into enough departments and you have a virtual enterprise 
system. Allaire's products are widely deployed just about everywhere. A 
core enabler of Internet infrastructure, the company provides an 
application server and a new content management system that runs atop the 
app server platform. Expect Allaire to keep developing strong additions to 
Internet infrastructure for the enterprise. 

Inktomi *** Inktomi plans to be the Microsoft of content that is 
distributed to the edge of the network, offering a platform for content 
delivery (caching software) as well as the applications to make that 
work-including content distribution, streaming media and more. Its greatest 
threat is that Akamai's service approach wins over Inktomi 's product 
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approach, but Inktomi ' s deals with big players such as Exodus 
Communications and Digital Island should mitigate that risk. 

Vignette *** The company that virtually defined soup-to-nuts content 
management and personalization is off and running-to keep ahead of a 
fast-growing market. The only problem is that the "Personalization 
thing"-individualized content that brings in millions of new 

customers-remains something of an enigma: It's often difficult to implement 
and usually very costly. Smart, yes, but maybe it's time for a new approach 
without the pain. That's why we're looking for a company-it could be 
Vignette-to redefine the market again. 

Interwoven *** The content is the message! No content, no message. And 
content is what Interwoven delivers to Web sites. We like its product and 
technology vision. With a stable of blue-chip clients and partnerships with 
leading personalization vendors, Inter-woven is proving that content is 

Eprise **** Eprise provides content management to help companies 
communicate with their key constituencies: front-to-back, next — 
generation, dynamic, user-oriented. It's a mouthful, but Eprise handles it 
all with ease through its content-management platform. The technology is so 
strong that it has multiple uses under the covers; chances are you just 
haven't seen them all yet. 

Mercury Interactive **** One of the hottest companies in infrastructure, 
Mercury has taken the once mundane and obscure world of quality assurance 
and testing and now basically owns it. As high-profile outages such as 
EBay's continue to put focus on reliability, Mercury is poised to shine. It 
is one of the few vendors that can test and monitor not only Web systems 
but ERP and other back-end systems as well. We expect this Mercury to keep 

Accrue Software *** From its roots in the development efforts of Organic 
Online, Accrue burst on the e-marketing scene last year with the first IPO 
of this hot sector. Its Insight product is a collection of some of the most 
sophisticated Web-tracking software available. As integrating clickstream 
analysis into e-commerce and personalization initiatives becomes a 
priority, the destiny of Accrue 1 s tools is in a larger offering of its or 
others' design. 

Net Perceptions*** Personalization is hot, and perhaps no name has been 
more synonymous with the concept than Net Perceptions and its collaborative 
filtering tool that Amazon.com put at the disposal of the masses. Net 
Perceptions recently established Personalization, com, a speakers' corner 
for dissenters and boosters alike. The verdict is still out on whether the 
buzz is hype or not, but personalization has proven that it can sell. 
Through software, consulting, and conference fees, no one stands to gain 
more in the sector than Net Perceptions. 

Blue Martini Software * * * Grabbing the spotlight in the e-commerce 
platform showroom of late is Blue Martini. This two-year-old has found 
itself under the hood of some major online retailing operations. It has 
taken the CRM message to e-merchandising with a fury; the mantra "Don't 
sell to customers, interact with them" has almost become its product's new 
name. With the ever — lengthening queue of companies looking to "e" their 
business, remember that Blue Martini is one of those working behind the 
register . 

Plumtree Software ** Chances are you hadn't heard of Plumtree 18 months 
ago, and maybe you still haven 't-but you will. It is now everywhere because 
it has virtually defined the corporate portal space. Look for new 
partnerships with business — intelligence vendors as Plumtree becomes the 
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de facto standard for user interface to applications, content and data 
throughout the extended enterprise. The biggest risk is that the company is 
too early to market, since this market has yet to really emerge. 

Viador ** Here's another corporate portal play with a strong presence in an 
early market-but one with tons of promise. Viador has been quite nimble: 
Starting with its business-intelligence applications in 1999, the company 
morphed itself into an enterprise information portal. A slew of 
partnerships with the likes of Hewlett-Packard, IBM and others should help 
Viador as the portal market begins to gel this year. 

DataChannel *** Until about 18 months ago, DataChannel — one of the true 
innovators in XML-couldn't execute on that strength and failed to gain 
traction in the marketplace. Now, under the leadership of seasoned 
executive Lucie Fjeldstad, it has homed in on corporate portals and 
surprised many with significant wins at General Motors, AT&T, and other 
companies, as well as a partnership with IBM. 

EMC *** With its Data General acquisition, EMC becomes the clear market 
leader in traditional high-end and midrange storage technology. However, 
although it's been an exceptionally well-run company, we believe that EMC 
will have an increasingly hard time maintaining its very high prices and 
margins as market changes accelerate. In particular, some serious price 
erosion may begin to take place this year, and the company needs to get 
into new markets like network-attached storage (NAS) and caching-and do it 
quickly . 

Storage Technology ** StorageTek has some solid offerings, including 
storage-area network capabilities, storage — management services, and "by 
the drink" outsourced storage. However, the company has been substantially 
weakened by other missteps and by an overall lack of product vision. Like 
EMC, StorageTek has almost no presence in new markets such as caching and 
NAS. The storage market is being dramatically changed by the Internet, but 
StorageTek has missed most of the revolution. There's still time to awaken, 
but the clock is ticking. 

Red Hat *** Red Hat maintains a healthy lead as the dominant commercial 
Linux distribution provider. Following its acquisition of Cygnus Solutions 
it now has more than 400 employees, and it positions itself as a one-stop 
provider of Linux tools, applications, and support services that run on 
anything from embedded devices to enterprise servers. Its wildly successful 
IPO shocked investors and ClOs alike-not bad for a company whose fiture 
rests entirely on its ability to deliver and differentiate itself by 
packaging documentation, support, drivers and content around a free 
operating system kernel. Like many other commercial open-source vendors, 
Red Hat walks the fine line of genuflecting to Wall Street while keeping 
the open — source community happy, but just how long it can maintain this 
balance remains to be seen. What cannot be refuted are Red Hat's strong 
partnerships with OEMs like Intel and Dell Computer and with large ISVs 
such as Oracle. Its ability to gain similar momentum among VARs and build 
its support-services organization through such relationships may ultimately 
determine the company's fate. After all, we know that it's not making much 
revenue from the OS. 

VA Linux Systems ** So this unprofitable company produces a few relatively 
inexpensive hardware form factors bundled with Linux and support 
services-and that warrants its $7 billion market capitalization? It must be 
the name. We wonder how its IPO would have fared if the company were still 
called VA Research. You've got to hand it to Larry Augustin, though: He has 
established VA Linux as an innovator with first-mover advantages, 
especially in the regional Internet service provider market. The question 
we still ask ourselves, however, is how long the company can maintain this 
advantage with the likes of Dell, Compaq, and Sun following right behind? 
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The answer: Probably not very long. 



Caldera Systems ** Caldera is the second most prominent vendor in the Linux 
market. Its Linux distribution competes with those of Red Hat, SuSE, and 
TurboLinux. Like these other vendors, Caldera faces the risky business 
model of packaging and selling support services, applications, tools and 
documentation around a free operating system kernel. Smaller companies may 
find its "Linux for e-business" pitch appealing, but for larger companies 
it is just noise. The key factor in determining Caldera's success rests on 
whether the VAR channel buys into its story. Caldera does not have the 
presence that Red Hat does among OEMs-and let's remember that the key word 
here is not "Linux" but "distribution." That said, Caldera has been very 
successful in the channel so far, particularly among VARs that cater to 
small and midsize businesses. 

Tumbleweed Communications *** These folks move fast. We wish that 
Tumbleweed would have held off its IPO last summer, but otherwise it has 
been making tracks. Like many other aggressive companies, Tumbleweed has 
developed a platform-in this case for next-generation, secure messaging. It 
turns out that plain-vanilla e-mail just isn't secure enough for some 
companies, spurring growth in this new market. We expect that Tumbleweed 
will keep on rolling. 

Critical Path *** Early into the IPO mania of 1999, Critical Path leveraged 
its huge market cap to rapidly capture new technology and customers in the 
e-mail outsourcing market. As the fastest-growing player in hosted e-mail — 
one of the simplest of applications — it is in a strong position as it 
enters 2000. However, its bigger challenge is now to compete more broadly 
in the ASP marketplace with more — complex applications, including 
e-commerce, ERP, and CRM. The opportunity is there, but Critical Path needs 
to move quickly. 

USA. Net *** The first player in outsourced e-mail, USA. Net has maintained 
its lead against Critical Path's moves-and partnerships such as with 
America Online 's Netscape have helped. The challenge going forward lies in 
the company's maintaining its lead against the more aggressive competition. 
As with Critical Path, this is true not just with e-mail, but in the broad 
and wildly competitive ASP marketplace as well. 

APPLICATIONS AND COMMERCE 

In 1999 efficiency-oriented investments in back-office ERP and financial 
systems went quickly out of style as CRM moved in. And this battle moved 
rapidly to the Internet. Why? Because increasingly that's where the 
customers are going: the Yankee Group forecasts that much of this 
transition to the Web will take place over the next 24 months. 

A few other big buzzwords also became popular last year. First of all, the 
business-to — business sector has served up a bumper crop of blockbuster 
IPOs in terms of both applicaton systems and e-market offerings. And of 
course, there is much hype-although precious few customers as yet-around 
the whole "software to services" transition as application service 
providers (ASPs) change the entire software business model. 

MARKET PROJECTION 

PLATFORMS AND TOOLS 

STOCK PERFORMANCE 

Over the past three years, we have seen an explosion in the number of 
business models that define how software companies operate and compete. 
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Some of the new models-such as ASPs with software rental, digital 

through a Web site-result in companies that are not generally recognizable 
as "software developers"; indeed, the newcomers may not identify their new 
ventures as software companies. Examples of the new breed include Internet 
market makers like Chemdex and MetalSite, as well as portals such as 
Works.com and MySAP.com. Yet these sites can, and probably will, develop 
into companies that deliver application functions for businesses and 
consumers-challenging or replacing some types of software sold and 
installed in the traditional way. 

The big question remains whether the ASP phenomenon is a passing fad, or if 
we are seeing the first Amazon.com scenario for the software industry. Will 
traditional software companies, their salespeople, and channels be 
challenged by online portals selling similar functionality on a per-dick 
basis? Perhaps. But don't discount the strength of the incumbent 
heavyweights, particularly those in the ERP and CRM markets. These 
companies are bouncing back with their own online strategies. Newcomers may 
find them tough to beat . 

Contributors Robert Miram, Chris Selland, Harry Tse, and Lisa Williams 

SA p **** sap, the leading ERP vendor, is used to having a target on its 
back, but now the tables have turned. It lags in emerging areas such as CRM 
and electronic commerce. Money helps, but time is the larger concern here. 
Nonetheless, with Y2K concerns having faded, SAP's core business should 
pick up, giving the company a window of opportunity to regain lost ground. 
Never count this giant out, particularly given its dominant market share 
and customers determined to maximize ROI on some very heavy investments. 

PeopleSoft * We told you so. This was what we said last year: "Unlike 
manufacturing and financial applications, human resources software 
(PeopleSoft ' s bread and butter) only needs to be replaced every 10 years or 
so. Can you spell saturation? ... It only gets harder from here." It more 
than got harder-PeopleSof t hit the wall. Its failure to put together the 
online business portal PeopleSoft Business Network is embarrassing. Can new 
CEO Craig Conway keep this ship afloat? Maybe. Will the company's purchase 
of dying CRM vendor Vantive make a difference? Doubtful. 

Siebel Systems *** We can repeat almost everything we said about Siebel 
last year. The company is now clearly the gorilla of the traditional CRM 
market, steamrolling over challengers such as Clarify and Vantive. Still, 
it can't keep growing 85 to 90 percent annually in a market that's 
expanding about 50 percent a year, so expect some big acquisitions in the 
near future. Siebel has proven to be a good headhunter, too: The company 
hired enough executives from SAP to form its own football team. Big 
challenges lie ahead-including building (or more likely buying) a real Web 
business, and dealing with a reinvigorated and pissed-off Oracle. 
Nevertheless, Siebel is up to the challenge. It plays rough, and it plays 



Oracle *** President Ray Lane (and CEO Larry Ellison, too) got the job done 
in 1999, and Oracle had a banner year. First, the database market bounded 
back. Second, its thin-client-based applications are-finally-getting 
traction as a piece of Ellison's Network Computer vision comes true. Its 
Oracle Business — OnLine ASP/digital-marketplace landlord strategy is 
gaining a foothold as well. All of a sudden Oracle is an Internet company. 
What a difference a year makes. The biggest issue that Oracle faces this 
year is minimizing the damage that its push in applications is having on 
its database business, as competitors (but former database customers) such 
as SAP and Siebel aggressively jump into bed with alternatives, notably IBM 
and Microsoft . 
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J.D. Edwards** Who knew that enterprise software could be so boring? 
Despite the company's lack of flash, however, its fanatically loyal 
customer base, rock-solid products, and stable culture bode well for a 
post-Y2K turnaround. It still owns the middle market, and its alliances 
with heavy hitters such as Siebel Systems and Ariba will help J.D. Edwards 
gain enterprise attention, as will its well-deserved reputation for 
delivering products that just plain work. 

VerticalNet * * * VerticalNet is an early leader in the rapidly emerging 
business-to-business marketplace arena. As a B-to-B exchange network that 
provides more than 50 industry-specific content and community sites, the 
company is shaping up to be a leader in the vertical-marketplace segment. 
Until now its focus has been on providing trade — oriented content and 
bringing together niche communities (much like an About.com for industry) . 
But the company is now moving to the transaction side of the business, 
using its core "eyeball assets" to make the cash register ring. Its 
December acquisition of NECX Exchange, an online marketplace for electronic 
components and networking products, will help build this end of the 
business. Although it's still too early to call it the winner, 
VerticalNet ' s momentum gives it an edge. 

Tradex Technologies ** As long as there are gold-miners in the B-to-B gold 
rush, Tradex will be selling them picks and shovels in the form of a 
leading-edge e-marketplace-in-a-box . VerticalNet, a major player in the 
B-to-B portal area, will use Tradex ' s platform. Not a bad endorsement! (As 
UPSIDE went to press, Ariba announced an agreement to acquire Tradex.) 

Ariba ** Ariba built a great story on a simple message: Large companies 
spend big bucks buying indirect goods (read: paper clips) and can save a 
lot of money by automating. The tale worked great, even if the 
not-quite-ready-f or-primetime Java architecture didn't. Also, Ariba was 
smart enough to put its dot-com strategy into high gear by moving into the 
marketplace business. But hold the hype7-the company is still missing a 
number of key technologies to operate as a fill-service marketplace 
operator. The recent acquisition of auction software vendor Trading 
Dynamics may be the first of many that Ariba will bankroll with its stock 
currency to fill some major gaps. Even without smart acquisitions, though, 
look for Ariba to garner $70 million in revenues and a market valuation 
high enough to fund the United Nations. For such momentum to last, however, 
the company eventually will need to move beyond paper clips. 

Commerce One *** Like Ariba, Commerce One is the developer and operator of 
an Internet-based, global business-to-business procurement network-- like 
an EBay for B-to-B commerce. Unlike other consumers though businesses need 
an automated order-fulfillment and order-flow system. Because the B-to-B 
market is at least 10 times bigger than the business-to-consumer market, 
Commerce One's early lead could turn into major cash. The company just 
announced a joint venture with General Motors to create an electronic 
automotive-trading marketplace based on Commerce One's MarketSite platform. 
With its hosting business gaining momentum as well, the company is right in 
the thick of the action-and where most of its rivals want to be. 

Intelisys ** Intelisys attracts a lot of attention, although competing with 
Ariba and Commerce One makes the company about as noisy a place as it could 
be. The investment firm Forstmann Little just gobbled up a third of 
Intelisys for $65 million, and could become its top salesman. Such a move 
was necessary, because although Intelisys has solid technology, it's also 
all but unknown. Chase Manhattan, another big — name customer, will launch 
a marketplace before year's end that will let its business-banking clients 
buy and sell goods and services over the Internet with other members of the 
Chase community. Still, Intelisys needs to get big and get known quickly. 
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NCR ** Is this company hot? Well, it's at least getting warm. All these 
years after AT&T bought it and screwed it up, NCR is still reinventing 
itself Fortunately it has focused its attention on the right place-data 
warehousing for the CRM market — and its message is catching fire. NCR was 
doing marketing automation before the industry existed, with pioneering 
customers including Wal — Mart. But it needs to move more rapidly to keep 
up with fast-rising competition such as E.piphany, Broadbase, and Exchange 
Applications. Nevertheless, NCR is entrenched in the blue-chip market and 
continues to get better. 

Pivotal *** With its nice hybrid CRM/electronic-commerce strategy, Pivotal 
should emerge as a major winner as corporate CRM and e-commerce strategies 
converge. Devoted to the mid — market but having beaten big players like 
Siebel more than a few times, the company has an experienced management 
team that's been there, done that. Pivotal remains relatively unknown, but 
as it continues to win deals in not one but two red-hot markets, that 
anonymity will change. 

Onyx Software ** Trying to wear the white hats in a black-hat business, 
with solid products and mostly happy customers, Onyx hasn't been growing as 
rapidly as its competitors. The company refuses to sling mud to win 
deals-laudable but perhaps ill-advised in a take-no — prisoners CRM market. 
Onyx is growing well, but it needs to become a little less nice and a bit 
more focused to truly reach the top tier. 

BackWeb Technologies * * Push isn't dead-it's just evolved into the CRM 
market, according to this longtime advocate of the technology. We agree. 
BackWeb has done a great job of "productizing" push and creating a unique 
value proposition. A few solid alliances (such as SAP and Baan) have 
helped. It's still a niche player, but one with big potential in a $9.3 
billion market. 

Nortel Clarify ** Clarify CEO Tony Zingale won our turnaround award last 
year, and this year he gets our "Got Out at the Top" gold medal. It's hard 
to screw things up in a market as hot as CRM, but the previous management 
team did just that-and Zingale did a tremendous job of catching this 
falling knife and timing the company around. Still, ClaWs near-death 
experience cost it too many good people and put it behind in the 
client/server-to — Web technology transition. Thus, when Nortel Networks 
came calling with $2.1 billion, Clarify wisely recognized that things had 
gone about as far as they could and the money was too good to pass up. 
There are strong opportunities for the combined entity in verticals like 
telecom, and an ASP play may be in the works, but Nortel has its own 
serious catching up to do in CRM. 

E.piphany **** Epiphany looks like the early winner in the marketing — 
automation arena. Its integrated-analysis and reporting platform with rapid 
implementation means that companies can act more rapidly on key information 
about customers. We were indeed skeptical when former KPMG honcho Roger 
Siboni took over the company, but he has proved that our skepticism was 
misplaced — Epiphany is on fire. Its acquisition of RightPoint brings both 
strong, complementary management and a great team. Drop the gratuitous "E . " 
and we'll be even happier. 

Broadbase Software ** Broadbase is another strong turnkey platform 
proposition like Epiphany, although not quite as integrated or as polished 
in its marketing. Its acquisition of Rubric strengthens Broadbase ' s play in 
the hot marketing-application space and makes the race a two-horse show 
with Epiphany. Rubric, however, will need to be str ip-mined-and the 
integration effort may not be trivial. Broadbase has a good understanding 
of CRM, which is a growing play in e-commerce, but management needs to show 
that it can take the company to the next level. This is particularly true 
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of Rubric's managers, who had been very good at PR but not nearly as good 



Kana *** Kana took an early lead in the market for Webbased CRM, with a 
particular focus on e-mail. Having a great product, a fine reputation, and 
backing by Benchmark Capital doesn't hurt, either. The management team 
wants to be the gorilla of Web CRM. Kana is putting its market 
capitalization to good use with three highly complementary, well-focused 
acquisitions in the past six months (Connectify, NetDialog, and Business 
Evolution). No doubt, more are pending. But there's no guarantee that Kana 
will own this market-it's way too early to tell-but the company is off to a 
great start. The biggest threat will be the communications giants making 
their way toward Web CRM-part icularly Cisco, which is moving fast and 
furious. For now, though, Kana is clearly ahead of the pack. 

MarketSoft * * * This hot startup has a very strong and focused value 
proposition for companies that sell through indirect channels (in other 
words, practically all of them) . So far MarketSoft has a strong leg up on 
other rivals with similar technology for indirect channels, because it 
knows how to sell to the big companies (like Compaq and Covad 
Communications), and it employs the right decision makers. Most of the 
competition will end up as roadkill for the traditional CRM giants that 
build their own modules or acquire them, but MarketSoft looks to validate 
this space in 2000. 

Ask Jeeves ** Can Ask Jeeves grow into a CRM market leader? The answer to 
that query is uncertain. Few people recognize that Ask jeeves has 
aspirations well beyond being a question-answering butler-this servant 
wants to own the mansion. Another early Web CRM leader with a long road 
ahead, it's at least on the right track, with its recent acquisition of Net 
Effect and recognition of the need to provide both automated and live help 
for the next generation of Web customer service. 

Octame Software ** Yet another Web CRM contender, Octane boasts a solid 
management and engineering team consisting primarily of refugees from 
Siebel and Scopus. It also has a good product and alliances with growing 
market presence. Octane doesn't have far to go to get into the top tier, 
although it needs to make the leap sooner rather than later. If the company 
can execute successfully on plans to be the standard CRM application for 
ASPs hungry for real Web-centric applications (instead of fat, expensive 
legacy apps under a browser interface), leadership is just around the 

Aspect Communications ** Here's a case of the nice evolution of an old-line 
call-center vendor into a modern CRM system provider. Aspect's Customer 
Relationship Portal holds promise, as does the company's experience with 
call — center-to-Web integration. In the call-center space, Aspect has 
always been a leader in customer satisfaction, and it maintains a loyal, 
blue-chip customer base. As with so many companies in this space, it 
remains to be seen how much Aspect can deliver on all its grand product 
ideas, but organizationally it has become a lean, mean selling and 
marketing machine modeled on enterprise heavyweights like Oracle and 
Siebel. That alone takes it far beyond the old telephony world and gives it 
a boost in an increasingly crowded space. 

Silknet Software * * Web CRM mover-this one out of the CMGI stable-Silknet 
has built presence in support, sales and e-commerce markets in a 
surprisingly quiet but effective way. It has the most complete and 
well-integrated Web CRM system on the market today, with customers raves 
and growing recognition. Beefing up Web-based live help and telephony 
capabilities (to meet the onslaught of the Kanas and the Ask Jeeveses of 
the world) is all that's needed. Wall Street is beginning to notice that 
one of the first Web CRM companies is also possibly one of the best. 
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Calico Commerce ** Calico had one of the more successful IPOs of 1999, 
although few people really understand what it sells. Its primary 
technology — product configuration-is as old as the hills and has always 
promised more than it delivered. Despite its age, however, product 
configuration appears to have found a home for itself on the Web. As with 
competitors Selectica, FirePond, and Trilogy, 2000 will be a make-or — 
break year for Calico. 

FirePond ** Arguably Calicos closest rival, FirePond recognized that its 
own technology was getting long in the tooth and fundamentally rebuilt it 
last year. With its unique combination of cutting — edge technology with 
one of the longest histories of any software company (founder Jerry Johnson 
built the first version of the product to sell tractors in the 1970s), 
FirePond' s strategy could pay big-time dividends this year. Although 1999 
may have been the year of customer service on the Web, FirePond stands 
ready to reap the rewards as selling takes precedence in 2000. 

Exchange Applications ** The pioneer in defining the space for automated 
marketing through offline channels such as call centers and direct mail, 
Exchange Applications boasts a roster of high — profile customers, 
including FleetBoston Financial and US West. Barely a year after going 
public, EA lost a little thunder as turnkey platform plays like E.piphany 
and Broadbase stole the marketing spotlight with their stratospheric market 
valuations. Although EA remains the leader and favors major customers, 
large contracts and lots of services, it needs to move more fleetly and 
establish a much stronger Web identity as marketing continues to be 
redefined by the Internet. Buying an e-mail hosting company (GBI Software) 
was a start, but much more is needed. 

Prime Response *** Right behind Exchange Applications in providing powerful 
marketing software for companies doing lots of phone and direct-mail 
marketing, Prime Response is building a better Web story (for now) . Lots of 
personnel turnover in 1999 and some unhappy customers almost led to 
disaster, but the company appears revitalized and has a nice Andersen 
Consulting equity investment to show for it, with Andersen no doubt hoping 
that Prime Response turns out to be the next Siebel . The Web story is off 
to a good start with first customer Priceline.com, and Prime may use a 
public offering to establish leadership in an increasingly Web-centric 
category. Or it may get acquired as other CRM giants get religion on 
marketing . 

Fourthchannel ** This electronic — commerce vendor has a simple yet 
powerful product aimed at small to midsize businesses. If e-commerce for 
the masses is to emerge, Fourthchannel may have found the way to do it — 
especially if it can build the hosted model that the midmarket so craves 
and roll out a solid, powerful, and easy-- to-use system to boot. 

Sterling Commerce *** Unlike most e-commerce companies, Sterling has big 
revenues. Its transition from an electronic data interchange (EDI) to a 
B-to-B commerce company is happening, albeit not without stumbling blocks 
such as a fumbled XML strategy. The company needs to be more decisive in 
driving business from the old model to the new. But EDI will provide a 
steady stream of revenues to smooth the rough transition. Services are 
becoming an increasingly large portion of the mix, and 2000 will be the 
critical year if Sterling truly wants to be known as an Internet play 
rather than a legacy EDI provider. We think it could go either way, 
although we're leaning toward optimism. 

Harbinger * Although it bet big on the EDI business and lost in 1998, 
Harbinger has been able to reinvent itself as a service provider for B-to-B 
transactions. Its Harbinger.net trading network is gaining traction. 
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Nothing motivates a company faster than a near — death experience. As with 
Sterling Commerce, 2000 will be a make-or — break year for Harbinger. 
Because the company is smaller and perhaps a bit more nimble than its 
rival, we are cautiously hopeful; however, there's also a much smaller 
margin for error. 

12 Technologies ** Yes, you read this right-I2 is an e-commerce company. 
Here's the value proposition: 12 is building a marketplace called 
TradeMatrix that uniquely uses its advanced optimization and execution 
capabilities from its core supply-chain optimization product to improve 
decision-making across digital marketplaces. Get it? Don't feel bad if the 
answer is no, because part of 12 's pitch has always been, "You're not smart 
enough to understand this stuff, so just pay us a lot of money to do it for 
you." Well, the strategy has worked, and it's safe to say that 12 holds the 
leadership position in supply-chain management. But penetrating new markets 
such as CRM will be much tougher. 

Nonstop Solutions ** Nonstop helps Longs Drug Stores figure out just how 
much Prozac and Prilosec to buy for its network of pharmacies-and not a 
milligram more. By using a little mathematics rocket science, Nonstop frees 
up operating capital for its customers by reducing inventory while making 
sure the right products stay on the shelf. The company is also the 
mastermind behind keeping online retailers such as Drugstore.com in tip-top 
inventory condition. But you can't buy a license of Nonstop's wares, or 
install it on your new server. It's strictly remote-with prices closely 
based on customer success. The challenge is whether clever little Nonstop 
will get the big, slow-moving traditional retail segment into high gear. If 
its clients don't move quickly enough, the company will either need to find 
another market space or resign itself to being a niche player. 

SERVICES 

The year 1999 was an interesting, tumultuous period fraught with change for 
the IT services industry-a time of transition for traditional service firms 
and a launch year for the new breed of Internet systems 

integrators/innovators that have established a major beachhead in corporate 
consciousness. It was also a sorting-out period for enterprises. Key buyers 
of technology services are signaling that Y2K effects and the related 
slowdown in new application initiatives are ending, and that the demand for 
IT services will regain its fast pace in mid-to-late 2000. 

MARKET PROJECTION 

APPLICATIONS AND COMMERCE SYSTEMS 
STOCK PERFORMANCE 

For most of the traditional IT service buyers, the key driver in 1999 was 
the value proposition associated with becoming a hybrid click-and-mortar 
entity. The spotlight this year will be on managing Internet data centers, 
providing application services over the Web, custom-managed application 
services, and distributed infrastructure outsourcing. Enterprises are 
strategically focused on accruing both intrinsic profit-based value and 
external market-based valuations. It is this engine that will fuel 
systems-integration growth rates of more than 17 percent in 2000, with 
Internet integration growing three times faster. 

Last year Internet integration firms-mostly new, some traditional-became 
more adept at speedy delivery of shorter-term, fixed-price, fixed-time 
projects even as many traditionalists were preoccupied with continuing work 
on Y2K, enterprise resource planning (ERP) and other legacy projects. 
Innovators not only were delivering Web sites, but were also moving up the 
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value chain and delivering e-business systems. 



In this year's enterprise market, expect the pent-up demand for new IT 
implementations to take center stage. In the post-Y2K era, the buy decision 
for IT services will be influenced considerably by enterprises' needs for 
Internet infrastructures and applications. To meet this demand, 
traditionalists such as EDS, Computer Sciences, Compaq Computer, and 
Hewlett-Packard-all with varying levels of skills in the integration 
continuum-will acquire, develop or roll up consulting skills and attempt to 
scale the innovation mountain. 

Meanwhile, newer innovators like Viant, Scient, and Sapient are rapidly 
moving up the systems-integration food chain, but the pressure will be on 
to show that they can handle complex projects and seamlessly tie front — 
end systems into the back end. 

One strategy is to focus on the dot-com startup market rather than on 
legacy customers, but there is almost never much money available as payment 
here (though potentially lots of stock) . Thus, many of these players are 
looking as much like incubators as integrators. 

What drives services more than anything else is a shortage of skills: The 
biggest obstacle to growth for almost all of these companies lies in 
attracting and retaining employees that "get it" as well as love it. The 
good news is that the customers have it even worse, so the services 
companies will still have strong demand for their services. 

Contributors Gopi Bala, Andy Efstathiou, Perry Harris, Michele Pelino, and 
Chris Selland 

Scient *** The class act among the new breed of systems innovators, Scient 
has an incredibly powerful brand and management team for such a young 
company, and a customer base to die for. We used to think it had a chance 
to be the next EDS, but it could be even bigger. Scient 's most pressing 
problem is a very crowded market space with low barriers to entry and 
limited talent availability, but the company's rivals face the same set of 
issues. As long as it continues to execute, Scient should only get 
stronger . 

Sapient *** Sapient has transformed itself from a client / server development 
shop built on the backs of 24-year-olds working triple shifts into a true 
e-business innovator. Its smart, balanced acquisition strategy of 
Web-design shops such as Studio Archetype and Adjacency is paying off, 
making Sapient an Internet player despite some personnel defections. The 
company is extremely well managed, with some of the lowest staff turnover 
in the industry. 

IXL Enterprises ** As one of the two largest "roll-up" companies-a 
conglomeration of acquired companies, (a model about which we are skeptical 
because the parts usually don't mesh well) -IXL proves the adage that bigger 
is not necessarily better. If it can't do a better job of holding on to 
staff this year and building its culture, IXL:s wheels could very well fall 
off The company needs to move very quickly to gain the cohesive focus and 
staff that organically grown competitors such as Scient and Viant bring to 
bear. If IXL doesn't do this soon, look out below. 

Whittman-Hart ** Until it bought the other big roll-up, USWeb/CKS, in 
December, Whittman-Hart was a clean and organic growth story in back-office 
integration. Wall Street hated the USWeb/CKS deal — and for good reason, as 
it made little strategic sense. As with rival IXL, staff retention is a 
huge problem. If this acquisition works in the long term, we'll stand 
corrected, but it looks to us like a desperate "get big quick" move that is 
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doomed to backfire. 



AppNet ** Here's a roll-up that is working, probably because AppNet ' s pace 
has been measured enough to achieve the culture and focus that its rivals 
seem to lack- The company has the early momentum and customers, although it 
is up against some very tough competition and can't afford to slip if it 
wants to play in the top tier. 

Diamond Technology Partners *** Excellent strategic depth and expanding 
implementation skills give Diamond great potential. The company competes 
with Scient and with McKinsey & Co. itself for the title of "McKinsey 
of the Internet," and it has taken an equity stake in several deals-the 
ultimate sign of faith in one's work. 

EDS *** Your father's traditional outsourcer, EDS has made the turn and is 
moving heavily into the e-sourcing world. Its pace, very slow at first, has 
quickened considerably since new CEO Dick Brown took the reins. Now its 
challenges have shifted externally: Moving its tradition-bound customer 
base will be the toughest part of EDSs e-business transition. It's no 
secret that fundamentally changing an existing company can be much harder 
than starting a new one-but if anybody can do it, EDS ' s Brown can. 

Computer Sciences Corp. *** Like EDS, this company is moving ahead-with new 
initiatives, but its legacy customers are slow to move with it. CSC gets 
extra credit for putting animosity aside and going ahead with a partnership 
with Computer Associates: It takes both guts and business acumen to partner 
with a company that has previously attempted a hostile takeover. To be 
honest, we don't see CSC as much of a Web innovator; however, its existing 
business should remain strong, and its blue-chip appeal is only growing. 

Andersen Consulting * * * * Andersen has obviously been quite successful, 
and it has also created a strong focus on e-business. The bad news is that 
its senior partners are in extremely high demand and are bailing in droves 
to join dot-coms. There will always be a blue-chip market, but Andersen 
needs to reinvent itself to stay a leader in the e-sourcing revolution. The 
major loss of staff at the lower levels — often the people who best 
understand the Internet-must be stanched. 

KPMG *** Excellent leadership and new services bode well for a potential 
IPO. Cisco Systems' investment of $1 billion helps, but KPMG needs to stay 
focused on execution. After all, money may be nice, but delivery is what 
customers really care about. Still, the firm has embraced the Internet more 
aggressively than its competitors and is the best-positioned of the Big 
Five consulting firms in the e-sourcing world. 

PricewaterhouseCooper s *** Although it is a thought leader with good 
consultants and great brand-name customers, PricewaterhouseCooper s lags in 
electronic commerce and e-business. It must stop sitting on its good 
reputation and get with the revolution; otherwise its market position will 
continue to erode. We think the company will take advantage of its fine 
reputation to get back in the game. 

Unisys *** It is winning deals with strong value proposition, and it has a 
good server lineup to boot, but Unisys still has difficulty selling outside 
its installed base because of its proprietary high-end platforms and 
associated independent software vendor (ISV) systems. To continue the 
impressive turnaround that's happened thus far, CEO Lawrence Weinbach and 
team need to start taking share, not just retaining it. And they can do it 
if they keep leveraging their expertise with Windows NT, distributed 
services, and outsourcing support 

Science Applications International Corp. *** The government contractor is 
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broadening its commercial lines of offerings, but it needs to pick up the 
pace: Private industry simply moves much faster. SAIC has acquired 
technology companies (Telcordia/BellCore and Broadway & Seymour) to 
build its advisory value to private industry. The cultures still do not 
quite fit, but SAIC has been shifting to more of a private — sector outlook 
than before, and it should be able to pull off the transition. 

Groupe Bull ** Bull has been struggling with the issue of French government 
divestiture of ownership. The company's BullSoft, Public Sector, and 
Integration Services units are points of light that have propelled it 
forward even as its mainframe business has declined. But Bull needs to move 
more quickly out of hardware and focus all efforts on its successful 
software and service businesses, which cater to very large organizations. 

Cambridge Technology Partners * See, being early isn't always best. 
Cambridge thought it could apply what worked in client/server projects to 
the Internet — and failed miserably. It is now desperately trying to hold 
on to what's left of its employee base, but the horses are rapidly leaving 
the barn. The company's market presence is eroding just as quickly. So is 
its ability to compete and win, which makes the likelihood of its being 
acquired this year quite high. Better move fast, because at the rate that 
people are leaving Cambridge, there soon might be nothing left of it to 

Viant ** Despite the name similarity and the same founder, Eric Greenberg, 
this company has little else in common with Scient . Viant has hewn 
surprisingly close to the now-failed Cambridge Technology Partners' "fixed 
price, fixed time" model as applied to Web-based projects. To us, it still 
has a great deal to prove . 

Keane *** Although it faces a difficult transition from Y2K specialist to 
e-business integrator, Keane is doing a reasonably good job of it so far, 
and also has made a few smart acquisitions (Fourth Tier and Emergent among 
them) . But the company still has a long way to go. Nevertheless, we think 

that the management team is up to the task and the fact that they mostly 

came from Keane ' s own ranks makes stability something of a given. 

Getronics Wang ** Europe-based Getronics has acquired Wang Global, which 
was losing money but gaining market share in the low-margin end of the 
services marketplace. Getronics was very profitable on much lower revenues, 
and it has already started restructuring aggressively to cut expenses and 
leverage its technical strengths. This acquisition looks like one that will 

Syntel ** Syntel has moved out of the Y2K remediation business into 
e-business projects. Its value proposition: "Fast results at lower costs." 
It should prosper in the lower-margin side of this business, where quick 
results matter more than thought leadership. 

Primix Solutions ** Primix took a failed software company (OneWave) and 
turned it into an e-sourcer . Although still small, Primix is growing and 
well-positioned as it combines skills in e-business strategy, digital 
branding, and hard-core systems integration. Its nice blend of skill sets 
makes it a likely buyout candidate, because in this rapidly expanding 
marketplace the talent shortage remains a bigger obstacle than lack of 

Cotelligent ** This staff -augmentat ion company is fighting hard to move 
into e-sourcing so that it can avoid continued branding as a "legacy" 
company and also to increase its market valuation. Cotelligent has 
developed a plan, an in — house methodology and a portals practice to turn 
client firms into e-businesses. The company has brought in new management, 
but sustained execution will be key to its success this year. 
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IDS Scheer ** A new focus on services, great tools, and an excellent 
methodology should help IDS Scheer acguire more of a name in the United 
States. Its dependence on SAP is loosening, fortunately. IDS is a name we 
should hear more often. 

PKS Information Services ** Although it has undergone major restructuring 
changes in the past year and has good outsourcing and integration 
abilities, PKS must put the restructuring issues behind and move more 
rapidly into e-sourcing. 

Zefer * You're kidding, right? A couple of kids fresh out of Harvard 
Business School sketch up a plan for an Internet services company (gee, 
there are only, what, thousands of those?) and raise $100 million? It all 
seems like a bad dream. Wake us when it's over-or at least when Zefer makes 
a significant deal or two. For the last year we've seen nothing but hype. 

StorageNetworks * * Its unique approach to storage points of presence 
offers e-business customers more cost — effective systems for their 
remote-storage needs, as well as access to peak-load storage in which 
customers pay only for what they use (in other words, storage outsourcing). 
StorageNetwork ' s model is an innovative one that may take off, depending on 
the market's willingness to accept the concept of remotely located storage 
and to believe that the security of mission-critical data will remain 

Exodus Communications **** who hosts the big guys? Exodus. This service 
provider to the stars is the leading colocation Web-hosting service 
provider of Web giants such as EBay, Lycos, MSNBC, and Yahoo. We also like 
the company's new globalization focus and its expanded service offerings, 
which give it economies of scale and scope that will be hard to match. 
Exodus' recent purchase of Service Metrics and a new partnership with 
Inktomi expand its offerings and move the company into hot new areas, 
including traffic analysis and content delivery. If it can keep up with 
market growth-thus far its Achilles' heel, as service outages and network 
problems have been far too numerous-Exodus will be tough, if not 
impossible, to catch. 

Intira ** Attempting to go Exodus one better by moving beyond colocation 
and first-generation hosting, Intira is perhaps the best example of what we 
call the "Netsourcing" model: Rather than providing a cage and a couple of 
plugs for your server (a la Exodus) , a Netsourcer provides everything but 
the app . In a hotly competitive hosting market, Intira offers a value 
proposition that we believe is differentiated enough to command attention, 
despite tough competition from Exodus, Intel-which is entering the market 
with a similar value proposition-and many, many other companies. Bottom 
line: The outsourcing of e-business infrastructure is still in its infancy, 
and right now there is more than enough room for a new player with strong 
management and the right focus. Intira has both in spades. 

USInternetworking ** The self — proclaimed inventor of the application 
service provider (ASP) market, USinternetworking has thus far overpromised 
and underdelivered . If it doesn't get its act together-and quickly-it could 
tar the whole ASP sector. Two big questions for 2000: Will ASPs be as big 
as their hype, and will USinternetworking still be around at year-end? Big 
bucks invested in both questions argue that the answer is probably yes, but 
the outcome remains questionable. 

FutureLink ** This ASP pioneer has some good ideas, such as taking any apps 
and Web-enabling them, along with aggressive execution. FutureLink has new 
management and good alliances, but the field is rapidly becoming saturated 
and the market isn't nearly big enough to support the croearly lead may 
fade if it fails to move very quickly. Its strong relationship with thin-- 
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client technology provider Citrix Systems is key: Both companies are and 
will probably remain closely linked (do we smell a merger?), and they 
should succeed or fail together. 

Telecomputing ** This is a name you should be hearing much more often-a 
European ASP making moves in the U.S. market. Although it needs stronger 
alliances and branding to develop a presence here, Telecomputing has more 
customers and experience than most. The key will be in building its brand 
and presence in the United States before its many less-experienced but 
better-known domestic competitors catch up. We think that Telecomputing is 
up to the task. 

NEXT-GENERATION NETWORKS 

After years of hype, the equipment market for digital subscriber line (DSL) 
technology truly emerged in 1999. SBC Communications and Bell Atlantic 
announced massive infrastructure rollout programs, spurred by the threat of 
cable-modem services for consumers as well as competition in the business 
arena from data-focused competitive local — exchange carriers (CLECs) . 
Prominent among this new breed of service provider are Rhythms 
NetConnections, Northpoint Communications, and Covad Communications. 
Benefiting from this activity are makers of DSL access multiplexers 
(DSLAMs), such as Alcatel, Cisco Systems, Copper Mountain, and Nokia, which 
build and sell equipment that terminates DSL connections. 

MARKET PROJECTION 

SERVICES 

STOCK PERFORMANCE 

In addition to laying the groundwork for DSL services, the industry is 
anticipating the delivery of packetized voice service over DSL connections. 
This reflects a larger overall communications strategy of unifying services 
to cut operating costs and use existing infrastructure. Key hardware 
vendors include Jetstream Communications, CopperCom, Efficient Networks, 
and TollBridge Technologies. 

The Internet router market finally has competition for the first time: 
Cisco Systems now shares the space with Juniper Networks. Both companies 
are enjoying strong sales growth for their respective offerings and have 
products deployed in operational networks. Meanwhile, large traditional 
telco vendors like Lucent Technologies, Siemens, and Ericsson have picked 
up the top router startups. They realize that data-not voice-equipment is 
what will fuel future sales growth. The windows of opportunity open and 
close quickly, very much favoring the incumbents. 

The future needs of the overall Internet router market will be dominated by 
two factors: ever-increasing speed and extremely stable, sophisticated 
value-added software. Higher speed is more dominant in the core market 
segment, while software is more dominant in the edge segment. The overall 
market requires that vendors be able to provide customer solutions in 
"Internet time." New entrants can get into the market by leapfrogging the 
competition in performance, or by offering a broad range of products (such 
as voice-related or Sonet multiplexers) sold as a bundle with Internet 
routers . 

This year, the core market will move from OC-48 speeds to OC-192, a 
fourfold increase. Cisco and Juniper are well-positioned to capture much of 
this market, with Lucent representing the strongest outside competitive 
threat. The edge market will be characterized by software-rich, highly 
scalable products. Best positioned are new offerings from Siemens Unisphere 
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Solutions (through its Redstone Communications acquisition), from Nortel 
Networks (through its Shasta Networks acquisition), and from new entrant 
CoSine Communications. Cisco will maintain much of its market share, even 
though it lacks a state-of-the-art product. 

Contributors. Jennifer Pigg and Mark Lowenstein 

Akamai Technologies * * * A secret formula for caching content-and thereby 
speeding up Web-site downloads-took this startup from nowhere to more than 
$25 billion in market capitalization last year. Major investments from 
Cisco and Microsoft have positioned Akamai well for its second act: 
delivering streaming media and applications from its distributed network. 
These markets are just emerging but will become tremendously important over 
the next 24 months. 

Nortel Networks *** Nortel made a strong move by aggressively introducing 
succession networks in the first part of 1999, gaining some early mind 
share in the migration of voice from circuit to packet networks. Wireless 
has also been a big success story for Nortel, although the company has had 
difficulty taking advantage of its early lead on mobile IP. Other moves, 
including increased public marketing, new product introductions, and 
acquisitions such as Shasta Networks, have helped move Nortel away from its 
traditionally quiet legacy into the limelight of the Internet 
infrastructure. As optical technology becomes increasingly important, the 
company is very nicely positioned. 

Avid System ** Since it parted ways with Nortel, Avici's ability to get a 
foot in the customer's door has been much weakened. The prognosis is not 
good for the terabit network builder. 

Cisco System **** Market share, shrewd leadership and marketing muscle will 
keep Cisco going indefinitely. Emerging rivals are forcing the company to 
move its technology to the next level, but outstanding management makes it 
likely to succeed. 

Juniper Networks *** Innovation, focus, and precise execution will help 
Juniper enjoy strong growth for years to come. 

Lucent Technologies *** The company has made some excellent strategic 
acquisitions, including International Network Services (INS) and Nexabit 
Networks. The combination will provide consulting and operations for voice 
and data networks of enterprises and service providers, innovative software 
systems for performance analysis and management, and a unique 

application-analysis capability through its VitalSuite products. Lucent has 
great hardware, but its ability to innovate at Internet speeds still must 
be proven . 

Newbridge Networks ** It's been a rough year for Newbridge, with some 
unfortunate earnings announcements, supply-chain problems, heavy 
competition, and finally the ouster of President Alan Lutz. Despite these 
negatives, the company still has a strong product fine and has moved into 
new arenas such as subscriber management and Local Multipoint Distribution 
Service (LMDS) . Whether these new initiatives will pull Newbridge out of 
its funk remains to be seen, but 2000 will likely be a long year for the 
company . 

Siemens Unisphere Solutions *** Great products, strong management and 
large-company backing will make Unisphere successful in the edge — 
networking space. 

PSINet *** The original commercial Internet service provider has remained 
independent for another year-impressive given rampant industry 
consolidation. To prosper, PSINet has gobbled up international ISPs and 
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their customers just as quickly as it can, in an attempt to become an 
worldwide IP supercarrier . 

Internet Security Systems *** CEO Tom Noonan and his team continued the 
company's strong revenue growth in 1999-more than $80.3 million, 
representing a 122-percent increase over 1998. This for a company that only 
two years ago had a mere $13.5 million in revenue. ISS retains a commanding 
No. 1 position in the market for adaptive network security management, with 
more than 30 percent market share. Its acquisition of Netrex, a provider of 
managed network security services, gives ISS a core professional — services 
organization that it desperately needed, as well as a strong and recurring 
revenue stream that should further turbocharge its earnings. 

Cylink *** Almost down and out in 1998 after revenue-recognition questions, 
Cylink made a strong comeback in 1999 under the leadership of new CEO 
William Crowell . With further product development and new releases of 
virtual private network (VPN) technology for ATM, frame relay, and IP 
networks; rolling out of public-key infrastructure products; and the 
further refinement of its secure Web-access products, Cylink should move 
into the mainstream of the e-commerce market. Don't be surprised if a 
network hardware vendor, in search of these components, purchases Cylink by 
the end of the year. 

NetSolve ** One of the last remaining independent managed-network-services 
companies, NetSolve provides ongoing remote WAN and LAN management and a 
broad set of security services, including intrusion detection and firewall 
management . 

Information Resource Engineering *** CEO Anthony Caputo ' s role in the 
development of the SafeNet suite combination of hardware and software for 
VPN systems — has been truly industry — leading: IRE can now boast every 
major networking vendor (including Cisco, Lucent, Cabletron, Network 
Alchemy, Xedia, and Altiga) as an OEM partner, for both VPN acceleration 
hardware and client-side software. 
MARKET PROJECTION 

NEXT-GENERATION NETWORKS 

CoSine Communications ** A startup that has executed well, CoSine brings 
service providers products that help them build IP-based VPNs — the next 
wave of IP value-added services. 

Alcatel Optics ** Alcatel started last year as the No. 2 maker of DSLAMs in 
the United States. By midyear, the company had doubled its market share to 
capture over half of all U.S. DSLAM orders, and solidified its position as 
the leading manufacturer worldwide. Alcatel has contracts with SBC, Bell 
Atlantic, and BellSouth. 

Copper Mountain Networks *** With a product focused on CLECs that deliver 
service to small and midsize businesses, Copper Mountain has leveraged key 
relationships with Northpoint Communications, Rhythms NetConnections, and 
other companies to become the leading supplier of DSLAMs for the business 
market. In a departure from its core strategy, Copper Mountain recently 
announced the ability to terminate consumer DSL connections as well. 

Digital Island ** In a universe flooded with application service providers 
(ASPs), Digital Island was one of the first companies to realize that 
content is key. In fact, it has built a business squarely focused on the 
challenge of content delivery to multinational companies scattered around 
the globe. With data centers in London and Hong Kong, Digital Island is 
also one of the few providers to address the international bandwidth 
bottleneck. Its merger with content-delivery enabler Sandpiper Networks 
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further demonstrates that competitors will have to offer the same suite of 
effective and economical delivery mechanisms to stay afloat. 

Predictive Systems ** A network consulting and integration 
company. Predictive has innovative methodologies to 
assess technology risks and provide network systems. 
Its expertise covers both service providers and 

enterprises, and its systems include network management, performance 
management, internetwork design, and information security. Comdisco ** 
Comdisco, known best for its business-continuity and hardware — leasing 
services, is branching out to become a fil-service supplier of network 
consulting, integration and managed services. The company combines 
expertise in both systems and networks with unique desktop management 
methodologies . 

AT&T Solutions *** Thanks to its partnership with IBM Global Network 
and its own large worldwide IP network and remote-access capabilities, 
AT&T Solutions is the world — wide leader in network integration and 
outsourcing. It provides outsourcing services for large customers as well 
as out-tasking services for smaller customers with a broad set of systems 
across all data communications technologies and transports. 

IPVerse *** This small startup is making a large splash as an innovator in 
call control and service delivery for next-generation service-provider 
networks. Aggressive providers such as Qwest Communications and Level 3 
Communications are looking to IPVerse to outfit their voice-over-IP 
networks with open service delivery and communications to traditional phone 
networks. The company has also teamed up with several convergence — switch 
vendors to help them provide full systems for circuit-to -packet voice 
migration . 

WIRELESS 

The wireless industry made a comeback in 1999. Most of the carriers posted 
gains in average revenues per subscriber-an important measure signaling the 
acceptance of all-inclusive rate plans. We are seeing the beginnings of 
landline displacement: 2 percent of wireless users in the United States say 
that their only phones are mobile, and the Yankee Group estimates that some 
250,000 users have cut the cord in the United States. As landline networks 
are optimized for high-speed data, more voice traffic will migrate to 
wireless networks. 

STOCK PERFORMANCE 

The carrier side of the industry has seen tremendous consolidation. There 
will soon be five nationwide (or nearly nationwide) carriers: AT&T 
Wireless, MCI WorldCom-Sprint PCS, Nextel Communications, Bell 
Atlantic-GTE-AirTouch, and SBC-Amer itech . The Global System for Mobile 
Communications (GSM) community is rapidly consolidating as well, led by 
VoiceStream Wireless (and its European investors Hutchison 

Telecommunications and Sonera) . The era of the wireless pure-play is coming 
to an end, and roaming as we've known it is going away as well. The surge 
in wireless usage is leading to continued high — capacity expansion in 
wireless networks, benefiting the infrastructure manufacturers. The 
leaders-Lucent Technologies, Nortel Networks, Motorola, and Ericsson-have 
all posted significant stock market gains. In 2000, for the first time ever 
in wireless, we expect capacity expansion to exceed network buildout. 

In terms of the ascendance of the wireless Internet we credit Phone.com. The 
company has been successful in developing a widely adopted standard called 
WAP Wireless Application Protocol) that optimizes Web content for mobile 
devices. Sprint PCS has also been a galvanizing force, by introducing a 
user-friendly, consumer-oriented service. Sprint's offerings still have 
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some problems with spotty coverage, which affect lucrative data services 
even more than it does voice traffic, but it has good partners such as 
Yahoo and a bevy of content providers, all backed up by a $20 million 
advertising campaign. Such activity may be a case of a rising tide lifting 
all boats: Look for aggressive moves in data this year from AT&T 
Wireless, Bell Atlantic, and Nextel Communications. 

We will also see lots of innovation on the mobile-device side. Nokia 
continues to be the market-share leader, but it has lost a little momentum. 
Upstart Neopoint has introduced a mobile phone with a great screen and 
excellent navigation features for data, and Motorola has finally come out 
with a long — awaited series of multinetwork digital models. Handheld PCs 
such as the Palm and Windows CE devices will increasingly be equipped with 
wireless communications capability; and as such will become true mobile 
companions . 

Contributor.- Mark Lowenstein 

AT&T Wireless *** The tremendous success of its Digital One Rate plan 
has turned the industry upside down and sparked a wave of consolidation. 
AT&T is now marketing innovative plans that target the youth market. In 
data efforts it has stumbled a bit, but the company hopes to rectify those 
missteps this year. 

Sprint PCS *** The fastest-growing wireless carrier, Sprint PCS has 
successfully launched wireless data services. Its churn rates, network 
coverage, and customer care have all improved since 1998. Its dual-mode 
phones have helped alleviate coverage problems, but Sprint still gets lots 
of coverage complaints. That needs to change for Sprint to take advantage 
of lucrative data services. 

Nextel Communications *** This company continues to be a hit with mobile 
workgroups. Its 1-1000 handset has helped Nextel move into the mainstream 
market. The company is also pinning lots of hope on data services with help 
from Microsoft. It's a good bet, but the service has been delayed by 
several months. Nextel hopes to solve its network-capacity challenge by 
buying additional spectrum from defunct C-block PCS (personal 
communications services) carriers. 

Bell Atlantic Mobile *** The best-run of the original cellular carriers, it 
will be the largest wireless provider after GTE and AirTouch are pulled 
together into Bell Atlantic, with a 27-percent market share. While somewhat 
conservative when it comes to introducing new services, the company focuses 
on network coverage and quality. This steady company needs to move faster 
on partnerships for data, however. 

VoiceStream Wireless * * * The leading U.S. GSM consolidation firm (along 
with investors Hutchison and Sonera), VoiceStream is a superbly managed 
company. But it still faces challenges in completing a nationwide GSM 
footprint, and it needs to adopt a stronger leadership position on data. 
Both of these initiatives will require a significant capital infusion and 
potentially a strategic investor or acquisition. 

Telia Mobitel **** With its "Department of the Future" program, 10 percent 
of revenues coming from data services in 1999, and the leading position in 
the Swedish wireless market, Telia is setting the standards for the 
movement from voice dominance to a voice-plus -visual 

wireless-communications business. The company is continually vying for 
over — all European leadership with Sonera, Finland's top wireless firm. 

Omnitel Pronto Italia *** Right from the start, Omnitel has proven to be a 
viable competitor to the Italian market leader, Telecom Italia Mobile. With 
its Internet portal, Omnitel 2000, the company is going for No. 1 in Italy, 
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working with Microsoft for its Web portal, and focusing on creating 
Internet-like communities for which it hopes to offer new services. Omnitel 
is an above-average bet, as Italians love their mobile phones. 

NTT DoCoMo *** Japan's dominant wireless carrier is on the move, and it has 
taken a leadership position in data. With billions in the bank from its 
highly successful IPO, the company is looking across the globe for 
third-generation investment opportunities. The question is, Can NTT DoCoMo 
replicate the success of its I-Mode wireless packet service in other 
markets? We think it can. 

Nokia **** The market-share leader has lost just a touch of momentum as 
competitors have regained some ground. Nokia's superb manufacturing has 
ensured global availability of its popular handset models, but the 
company's infrastructure position could be in jeopardy if the one-stop-shop 
purchasing paradigm comes into force. We're still looking for Nokia's 
nextgeneration data phone, which is key to its continued leadership through 
2000 . 

Ericsson *** The company has bottomed out, and it is putting the pieces 
into place to regain share. Ericsson continues to be strong in 
infrastructure and is looking to be a leader in mobile IP telephony, but 
when will it figure out that mobile handsets are consumer products? 
Execution will be critical this year. The recent Microsoft agreement is a 
good first step. 

Motorola *** The comeback kid of 1999, Motorola introduced long — awaited 
digital models and data-ready phones, and it still has a magical brand. The 
company is involved in more alliances and strategic investments than we can 
keep track of, but many are under leveraged . Its wireless infrastructure 
(tied to Cisco Systems) is only now getting off the ground, but it is worth 
more than $1 billion. 

Qualcomm *** Certainly one of the great stock stories of 1999, Qualcomm's 
real value lies in its intellectual-property position and 
integrated-circuits business, which benefits from the global subscriber 
boom. The major wild cards are the role of CDMA (code division multiple 
access) in third-generation wireless networks, and whether the standard 
becomes more widely adopted in Europe and Asia — which would help increase 
CDMA market share . 

Palm **** With so many carriers, vendors, service providers, and Internet 
companies relying on Palm's gizmos to entice consumers into the wireless 
world, the company will play a key role in defining the wireless Internet 
experience. But the devices' screen size, input method, processing power, 
memory, and battery life need to be integrated and better leveraged for the 
mobile consumer. Still, with its operating systems licensed to companies 
such as Nokia, expect the Palm OS to become the wireless user interface of 
choice. The market's vote on the Palm spinoff from 3Com has so far been 
very positive; so is ours. 

Research In Motion * * * RIM Interactive Pager has become popular as -a 
wirelessly integrated device for financial services and enterprise 
connectivity systems. The company's challenge is to expand the distribution 
channels for the device beyond its partners BellSouth Wireless Data, 
American Mobile Satellite, and Ardis, as well as to strengthen its own 
direct and indirect channels to improve the market opportunity for the 
product. We're confident in this company's role as an innovator. 

Symbian *** With the backing of the British handheld — computer developer 
Psion as well as the world's top mobile-phone companies, Symbian is poised 
to be a central player in the battles against Microsoft and Palm to be the 
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dominant operating system for mobile phones. But will internal feuds 
strangle this prodigy before it can get off its feet? Will Microsoft squash 
this small competitor, or will new OS developments elsewhere beat Symbian 
to the punch? The odds are 50-50. 

Arch Communications *** Empowered with distribution channels, network 
coverage, good spectrum, and 16 million subscribers, this new leader of the 
paging industry (having acquired industry giants MobileMedia and PageNet) 
has the tools and resources to prove to investors that there is still a 
market for messaging services. Look for Arch to expand paging technology 
into new markets and services that may not yet be apparent. The company's 
execution strategy should become clearer once it more fully absorbs 
PageNet . 

Centigram Communications *** With a major announcement that it is now Cable 
& Wireless's preferred enhanced-service vendor, Centigram is set to 
become a more significant international player. In addition, its new 
Internet-oriented unified communications platform puts the company in a 
strong position, as the Web becomes home base for the future of integrated 
messaging . 

Comverse Technology *** Still a major player in voice processing and 
enhanced services, Comverse is also moving into the information age with 
new products-such as the InfoPeeler — that let service providers customize 
information delivery for a customer to access anytime, anywhere. But this 
well-managed company needs partnerships in the IP space. 

Call Sciences *** It hit a home run as a major component of Telia! s 
Department of the Future offering to high-end users. Now it has improved 
its distribution channels and product offering. And rumor has it that Call 
Sciences will be announcing several other major deals for its unified 
messaging platform over the next few months; these will make or break the 
company . 

13 Mobile *** When the company was founded in 1991 as Intelligent 
Information and started offering content services for wireless devices, it 
either was lucky or had an uncanny ability to see the future. Now with 
wireless Internet services and applications in full swing, with content 
delivery leading the charge, 13 Mobile can take advantage of an industry 
segment that it played a large part in developing. With messaging traffic 
increasing by 50 percent between January and July 1999, the company is 
positioned to meet the formerly latent demand for wireless messaging 



Phone.com **** This company has gone a long way to make sure the WAP gospel 
(including the version developed by Apion) is being preached everywhere. 
The faithful include all major wireless players, as well as some 
nontradit ional wireless companies — indicating that Phone.com is playing a 
distinct role in shaping the cellular/PCS vision for wireless Internet 
services market opportunities. There is also a good opportunity for this 
platform to bridge not only wireless and the Internet but also different 
wireless technologies. 

Aether Systems *** With a background in supplying enterprise mobile data 
systems. Aether has created an underlying technology and outsourcing 
service system to meet the mobile data needs of enterprises, financial — 
service companies and consumers alike. With a little more time and elbow 
grease, it can set the standard for deploying mobile data systems all over 
the world. Aether is making an early play in this space, which is still 
emerging but holds loads of potential. 

Puma Technology *** With all the hype surrounding wireless Internet 
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services, the customer may easily be satisfied with the end service while 
paying little or no heed to the enabling technology. Puma and a few other 
companies, including Riverbed Technologies and Certicom, have made their 
mark in providing facilities such as synchronization (as well as 
information management, applications development, and encryption), without 
which the market for wireless Internet services would still be stalled. 
This interesting niche, if successful, will ride on the coattails of 
wireless data. 

Nuance Communications *** Voice interfacing into a world of text-based 
information will be a major enabler of the new mobile environment. Nuance 
is at the core, with voice-recognition algorithms that it has licensed or 
used to create key partnerships with major players in the wireless 
industry. Keep listening for more! 

SignalSoft **** The Switzerland of all the location-technology 
developments, SignalSoft has signed several key deals in Europe and is also 
positioned as the market leader in the United States. Its products enable 
services such as location-sensitive billing and one-to-one location-based 
information and marketing. The company must tie the technology to a mobile 
data play, which would mean the mass personalization nirvana we all dream 
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E-Business ISO Alphabetical index 
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UPSIDE'S ADVERTISING INDEX CONNECTIONS TO UPSIDE 
How We Score the Companies 

Our commentary is based on the 1,500-plus meetings we have each year at 
Yankee Group and is intended to predict what the future holds for each 
company, We also added a list of up-and-comers-companies that could make 
the list one or two years down the road. We then scored all the companies 
in four areas, on a scale of I to 5, with 5 being besL Finally, we 
calculated an overall score by weighting the five areas as follows: 
Innovation, 25 percent, Market Share, 20 percent; Overseas Strength, 15 
percent; Management 25 percent; Alliances, 15 percent. 

Innovation Is the company a true innovator within its industry? Are their 
offerings really innovations or just short-term fixes? Most difficult of 
all to measure are the company's innovations (if any) and ability to 
innovate continuously? 

Market Share What is the company's market share within its primary lines of 
business, and is it growing or losing that share? How effectively is the 
company entering new markets? if it fails in a market how quickly does it 
cut losses? No company (at least no non-Internet company) can continue to 
pour R&D into its offerings if the investments aren't paying off, and 
customers know that Big market share means that customers are not alone. 

Overseas Strength What percentage of the company's business comes from 
outside the United States? (A score of 5 means more than 50 percent of its 
volume comes from overseas; a score of 1 means less than 20 percent.) The 
Internet not only makes technology global, but it becomes the great 
equalizer, so customers demand to see the same technology available 
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everywhere . 



Alliances What are the company's alliances, and how well do they stack up 
against those of competitors? Are the alliances tactical or strategic? 
Short-term or long-term? Focused or vague? Are they real partnerships or 
mere press-release relationships? Alliances backed by substantial joint 
engineering and development not only save customers pain and inconvenience, 
but they can also provide a broader solution scope than individual 
contributors can-a key to staying power. 

Growth How rapidly is the company growing? (A score of 5 means it is 

growth.) How does its growth compare to that of its competitors? is its 
growth generated internally or through mergers? And has the company gone 
from being a one-trick pony to developing an entire product line that works 
together? 

Chris Selland is vice President of the Yankee Group's e-business Strategies 
Research and Consulting Group. 

Howard Anderson is the founder and chairman of the Yankee Group, as well as 
apartner in Battery Ventures and a managing partner at YankeeTek . 

Additional research by UPSIDE assistant editors Elizabeth Desimone and Dan 
Selicaro . 

The Yankee Group may provide research information or other consulting 
services to the companies mentioned in this article, the com 
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